PwC: Seizing cloud security in a cyberthreat world

Cyberthreats are intensifying. For many businesses, the cloud has become a security imperative when it comes to locking down data and blocking breaches.

PricewaterhouseCoopers (PwC) is working with Microsoft to develop and deliver custom-built cybersecurity tools that help customers safely unleash their digital transformation. The two companies announced a cyber-alliance Monday at the RSA Conference in San Francisco.

PwC, a global professional services firm, has a long history of building proprietary tools and offering advisory practices for clients based on Microsoft technologies. That collaboration now includes PwC’s integration of the Microsoft Graph security API, which helps users safely connect to data in the cloud.

Prakash Venkata, a PwC principal and a leader of the company’s cybersecurity and privacy practice, recently sat for an interview to share his views on bolstering data security and enabling customers to safely go digital

TRANSFORM: What’s the role of cloud and intelligence in staying ahead of contemporary threats?

PRAKASH VENKATA: When used properly, cloud platforms and threat intelligence can be powerful tools in staying ahead of – or at least on pace with – contemporary threats. In the past year, many significant attacks, such as WannaCry and a few high-profile breaches, took advantage of known vulnerabilities to cause billions of dollars in harm.

Utilizing cloud platforms and their highly integrated and flexible security integrations, such as Microsoft Azure and Microsoft 365, can help to keep systems up to date and reduce risks related to known vulnerabilities.

Secondly, even though many attacks follow similar attack vectors, fewer than half of organizations conduct vulnerability assessments, and many struggle to utilize it effectively. Utilizing a threat intelligence platform can help organizations leverage other organizations’ experiences to understand and protect against current cybersecurity threats.

Lastly, many businesses also experience challenges with maintaining a healthy cybersecurity posture in a rapidly changing enterprise. Utilizing cloud services allows organizations to effectively scale without sacrificing security in the process.

TRANSFORM: How does the Microsoft Graph security API enhance and protect security?

VENKATA: The Microsoft Graph serves as the common interface for integrating across various Microsoft products and services, connecting a wealth of resources, relationships and intelligence, through a single endpoint.

Microsoft Graph gives IT professionals and developers the ability to provide consistent, streamlined services across the enterprise. For example, being able to manage Azure Active Directory (AD) through this API allows organizations to accurately manage their environment.

The new security API for Microsoft Graph adds support for both the ingestion of diverse threat intelligence data and the collection of normalized and actionable security data points, all within the context of an API integrated with Microsoft products, services and partners. This two-way communication of security information into an integrated platform provides organizations with the context they need to take steps to mitigate their cybersecurity risks.

The security API provides new avenues to perform security analytics, creating a much simpler and adaptable process for correlating and enriching security data with additional context from Microsoft Graph.

TRANSFORM: In what ways does the Graph security API enable product security?

VENKATA: Microsoft Graph is able to integrate disparate products together with Microsoft resources in a standardized format, providing the ability to effectively integrate with a wide range of applications. It simplifies the coding process for developers, helping streamline this process and reduce the amount of coding errors.

By extending Microsoft Graph to enable integration between security products and services, the Security API serves as a powerful tool in understanding an organization’s assets and securing them appropriately.

Overall, Microsoft Graph provides a powerful but agile toolkit, helping to provide increased product security through improved visibility and protection.

TRANSFORM: Can you describe your experience using the Microsoft Cloud in terms of security and securing data?

VENKATA: I see this as two separate aspects – securing your Azure environment and securing your broader environment using the Microsoft Cloud.

In terms of securing Azure environments, Microsoft provides a number of capabilities. For example, Azure provides tools to control privileged identities, such as the Azure AD Identity Protection and Azure AD Privileged Identity Management.

Azure also provides a great deal of control for assets and resources using native capabilities, including Web Application Firewall, risk scoring and easy integration for web application vulnerability scanning.

In terms of securing data using the Microsoft Cloud, capabilities such as Azure Information Protection provide strong data protection capabilities that are easy for end users to apply on a daily basis.

Of particular interest for many of our clients is leveraging Azure AD Join and Intune for endpoint management. Many of our clients tackling mergers and acquisitions will be able to accelerate their integrations, while also reducing the risk of existing security challenges related to lateral movement and privileged account management.

TRANSFORM: As organizations embrace emerging technologies to do business, how does your company help them achieve this transformation securely?

VENKATA: Many organizations are embarking on digital transformation, trying to leverage emerging technologies including the Internet of Things, artificial intelligence, robotic process automation, augmented reality and new types of cloud services, all to provide differentiated services to their clients.

PwC views itself as a trusted partner, allowing us to provide cybersecurity solutions that are adaptable to clients’ changing needs. PwC brings industry experience and an understanding of this changing business environment.

Our company also brings relationships with our clients to help create agile solutions capable of managing the cybersecurity risks of our clients while enabling their digital transformation journey according to their unique needs.