Guest: Utpal Bhatt (LinkedIn)
Company: Tigera (Twitter)

While the cloud-native environment has opened up a whole new world of possibilities, it also presents numerous challenges for security in the complex environment. Even with security being baked into the development lifecycle earlier, the potential attack surface has increased substantially and traditional security tools are no longer sufficient for the job. 

In this episode of TFiR: T3M, Swapnil Bhartiya catches up with Utpal Bhatt, Chief Marketing Officer at Tigera, to discuss this month’s topic, Security and Compliance. Bhatt talks about how the attack surface has increased and the need for different tools to address the sheer number of attack vectors. He discusses how far companies have gotten in implementing zero-trust principles. Bhatt then goes on to talk about Tigera’s solutions and how they are helping secure cloud-native applications. 

Key highlights from this video interview are:

• Security has changed with the cloud-native world from the shift-left movement to securing the different aspects of the application. Bhatt talks about how security has been baked earlier into the development cycle. He discusses how the scope of the attack surface has changed and what that means for securing applications. 
• Since there are a lot of attack vectors the tools that are being used to tackle this problem are somewhat siloed. Bhatt explains how this can create a lot of noise for security professionals, while security still burdens developers with the shift left movement. He questions the effectiveness of this approach since breaches continue to occur. 
• Bhatt explains that they do a lot of industry-specific threat research to ensure they are seeing the threats across the board. Threat actors are becoming more sophisticated yet he does not feel that there is one particular type of attack that has increased in particular. 
• Customers are aware of zero trust, but implementing it varies depending on the different industries. Bhatt discusses how they are seeing zero trust principles at the perimeter level but not so much in environments such as Kubernetes where there is no fixed perimeter. 
• Bhatt believes that during the last few years many companies, including security companies, were hiring before the demand or overhiring and now are looking to trim down their teams. 
• Tigera aims to provide a complete solution to secure cloud-native applications. Bhatt takes us through the capabilities of their app and how it provides comprehensive protection against all security threat vectors and their Threat Defense solution, which provides protection against container-based threats and network-based threats. 
• Bhatt explains how their environment is completely plug-and-play enabling people to get up and running quickly. He also talks about the importance of always assuming a breach and how their solution enables you to automatically deploy compensating controls in the case of a breach to contain the scope of that breach. 
• Bhatt shares three pieces of advice saying improving your security posture starts with a mindset and trying to reduce the attack surface; there is a need for defense in depth and having multiple layers of security control; thirdly, there needs to be empathy between the different kinds of roles involved from the developer to the security team.  

This summary was written by Emily Nicholls.