Rajnish is a fairly rounded personality with excellent experience in product, services sales, business management, post-sale, and project management. His strengths spans over diverse categories including strategy, execution, people development, and deep understanding of technology & solutions.

Why is it becoming so difficult for organizations to keep track of and secure data in the cloud?

The cloud has become an indispensable technology for organizations, valued for its adaptability, scalability, and flexibility, and increasingly used to drive innovative AI applications. However, this surge in data demands stronger security protocols to protect both cloud data and the AI systems dependent on it.

Achieving visibility becomes challenging when organizations lack a clear view of where their data and applications reside, particularly in multi-cloud and hybrid-cloud environments. These blind spots lead to ineffective data monitoring. Moreover, with data and AI applications hosted on third-party infrastructure, organisations have limited control over how data is accessed and shared, increasing potential security risks.

What is data security posture management and why should organizations pay attention to it this Cybersecurity Awareness Month?

Data Security Posture Management (DSPM) is a cybersecurity framework that protects organisational data from unauthorised access, theft, or misuse. It involves continuously monitoring data and potential vulnerabilities, misconfigurations, identity access and risks. DSPM solutions scan cloud infrastructure and detect, including databases, IaaS and SaaS applications, help classify and encrypt data, and offer insights into privileged access granted to users and identities. With data breaches in the cloud making headlines and privacy concerns heightening, organisations need to ensure that their data in protected this Cybersecurity Awareness Month.

What exactly is AI-SPM, and how can organisations improve cyber defence with it?
AI Security Posture Management (AI-SPM) focuses on securing AI and machine learning (ML) systems by identifying vulnerabilities, misconfigurations, and risks associated with AI adoption. It continuously monitors the security posture of AI models, data, and infrastructure. As AI usage has surged in recent years, the need for AI-SPM has grown due to the security risks posed by AI services and packages. Without AI-SPM, organizations cannot track which AI models are in use or detect shadow AI, leading to blind spots where misconfigured public access, exposed keys, or unencrypted data can result in the theft of AI models. Additionally, using sensitive data to train AI models can unintentionally expose personally identifiable information (PII).

Standalone solutions such as data security posture management (DSPM) and AI security posture management (AI-SPM) can shine a spotlight on data and AI resources. However, without proper integration into broader cloud security tools, it’s a real challenge to contextualise and prioritise security findings properly to mitigate the risk in time using the limited resources cyber security teams have.

When DSPM and AI-SPM tools are integrated with cloud-native application protection platforms (CNAPP), they provide a more robust solution. This approach offers deep visibility into data across multi-cloud environments, identifying where sensitive data resides, classifying it by severity levels, and categorising it as proprietary information or personally identifiable information (PII). These tools not only detect suspicious data-related activity before it escalates into a breach but also allow organisations to manage access to sensitive data, revoking permissions where necessary.

What is the most effective way to protect data in the cloud? What stops organisations from adopting this method?
Adopt a "zero trust" security model that requires all users—whether internal or external—to be authenticated, authorised, and continuously validated before accessing data. This approach enforces time-limited access and the principle of least privilege, limiting users to only the data essential for their roles.

Support this model by implementing a cloud-based Data Security Posture Management (DSPM) solution with continuous monitoring, automation, prioritisation, and enhanced visibility into data risks. DSPM helps organisations identify and prioritise security threats based on severity, enabling focused response to the most critical issues.

Conduct regular risk assessments to proactively uncover and mitigate security risks, reducing the potential for data breaches and minimizing incident impact.

Securing data in the cloud is a way to safeguard our information and reinforce the foundation of the digital world, ensuring a protected future where innovation promises trust and security

Finally, strengthen organizational security by training employees on best practices, including creating secure passwords, recognizing risks, and promptly reporting suspicious activities.

What aspects of cloud security need more awareness building and why?
Managing risks from third parties—such as partners, service providers, and vendors—is crucial, especially when these trusted organizations have access to your cloud environment and data. Ensure these third parties implement robust cloud security practices to protect both their access and your broader cloud infrastructure.

Secure all identities, as recent incidents have shown how easily data breaches can result from simple lapses, such as failing to secure privileged admin accounts with multi-factor authentication (MFA).

Adopt best practices to prevent ransomware attacks and reduce their impact if they occur. Ransomware groups often gain control over systems and threaten to expose sensitive data, making proactive security essential to protect against these attacks.