Kamal Shah is the president and CEO of StackRox, a company that offers security for Kubernetes-built apps, a growing market in the industry. Shah has worked in the industry for a long time, most recently as the senior VP of products and marketing for Skyhigh Network, a market leader in cloud security that was acquired by McAfee in early 2018.
The StackRox leader agreed to a quick interview with TechNadu and we discussed the company's work, the security risks we all face, the IoT world, and how we can all be safer online. Without further ado, here's what Kamal Shah had to say about all these and more.
TechNadu: StackRox is one of the companies that helps enterprises secure their cloud-native apps built on Kubernetes. Tell us more about the solutions you bring to the table.
Kamal Shah: StackRox took a fundamentally different approach to secure containerized environments by building a platform that is both containers native and Kubernetes native. By focusing on both containers and the de facto industry-standard orchestrator Kubernetes, our platform delivers more comprehensive insights and protection. In particular, our Kubernetes-native architecture enables us to deliver a richer context – tying together a broad assortment of information lets us prioritize risk in our customers’ environments so they can focus on the problems that need immediate attention -, as well as native enforcement – relying on the inherent controls in the Kubernetes ecosystem gives our customers robust, scalable, and portable enforcement and ensures alignment between DevOps and Security -, and continuous hardening – leveraging information learned at build and deploy strengthens our insights during runtime detection and response, and vice versa, so our customers experience an ever-shrinking attack surface.
TechNadu: One of StackRox's customers stood out - the US Department of Homeland Security. How is it that you aid Homeland in their job?
Kamal Shah: We work with the Science and Technology division of the DHS. The group’s goal is to identify and promote innovative cybersecurity technologies to our country's critical infrastructure, such as the financial industry. We’ve been working with DHS on this initiative for several years. We’re now entering Phase III of the program, which involves the deployment of technology such as StackRox to participating in large financial institutions and regional banks.
TechNadu: StackRox recently won the SC Magazine award for Best Emerging Technology. Tell us what this award means to you and your company.
Kamal Shah: This award is unique in its high industry visibility – and in the fact that it applies very stringent evaluation criteria and it simply cannot be bought. It is incredibly gratifying and a tremendous validation of our product and technology.
TechNadu: You've been in the cloud security business for a long time. What are some of the biggest dangers to businesses who use the cloud for their daily operations?
Kamal Shah: Cloud providers and the cloud-native architecture stack bring significant security advantages. Companies like AWS, Google, and Microsoft invest far more on security than any single enterprise ever could, and by a significant factor. And containers and Kubernetes offer compelling security capabilities simply because of their immutable and declarative architecture. The risk really comes with a lack of familiarity with the capabilities and the assumption that because the platform has certain security features that those features are turned on. Keep in mind that containers and Kubernetes are first and foremost developers’ tools – they enable fast development and lots of inter-system communications. The challenge for enterprises, then, is to understand what’s enabled by default, how their systems are exposed, and what best practices they must follow to protect these environments.
TechNadu: The cybersec landscape is ever-changing. What do you see to be one of the biggest threats to our collective security nowadays?
Kamal Shah: Nation states and organized crime are succeeding in their attacks – look at the increased success of ransomware for example. That success breeds continued motivation to innovate on these attacks. The increased interconnectedness of our systems – while the fuel of so much of our growth and innovation – also represents our biggest risk, since these bad actors have many avenues to reach increasingly broader attack surfaces.
TechNadu: In recent years, the rise of IoT devices has given birth to a lot of unsecured devices. Many voices in the cybersec industry call for government regulation since the manufacturers don't seem to be taking things seriously. Do you think this is something that should be done?
Kamal Shah: At a minimum, the government should take the lead in defining minimum security standards and certifying whether certain devices meet those requirements. As we think of national initiatives such as automobile safety standards and alcohol consumption laws, we’ve seen our government successfully lower risk to our population. As these IoT devices move from convenience or novelty – a golf club with a sensor and WiFi connectivity that helps me improve my golf swing comes to mind – to critical health devices such as pacemakers or physical security devices such as locks, the government can be effective at elevating safety standards for our entire country.
TechNadu: What about you? Do you have any IoT devices in your home? How did you choose what to allow there and what not?
Kamal Shah: Alexa and Hey Google are the words most frequently spoken in our household – and by a wide margin. It is impossible to fight it, so you have to be proactive and put controls in place. For example, make sure that these devices are connected to a guest WiFi network and not your home network.
TechNadu: When it comes to security, many people turn to VPNs as an added layer of safety. What is your take on this? Is this something you would recommend?
Kamal Shah: VPNs do augment security, and their usage is fairly standard, but people also need to be cognizant of the risk to data at rest vs. data in motion. Storing as little data as possible, and encrypting that which you do store, are crucial steps alongside VPNs to improve your security posture.
So, what do you think? Do you agree with Shah? Let us know by dropping a comment in the section below and please share the article online if you have the time. Follow TechNadu on Facebook and Twitter for more tech news, interviews, guides, and reviews.