Join Sean Martin and Michael Mychalczuk during Black Hat SecTor 2024 for a new 7 Minutes on ITSPmagazine Short Brand Story as they unpack the complexities of managing multi-cloud environments and the essential strategies to ensure security. Discover expert insights on how businesses can navigate these challenges and thrive securely in today’s multi-cloud world.
In this 7 Minutes on ITSPmagazine Short Brand Story recorded during Black Hat SecTor 2024, host Sean Martin sits down with Michael Mychalczuk, Director of Product Management for ArcSight at OpenText, to dissect the complexities of multi-cloud environments. Hosted during Black Hat SecTor 2024 in Toronto, they share invaluable insights into why businesses are increasingly finding themselves managing multiple cloud services.
Mychalczuk explains that while many organizations initially hoped to stick with a single cloud provider, factors such as mergers, acquisitions, and specific technological pushes from giants like Microsoft and Google have made multi-cloud unavoidable. This proliferation presents unique challenges, particularly in maintaining security across varied platforms. He highlights the critical need for collaboration between security operations and IT operations teams. “No one person can know all of this,” Mychalczuk notes, emphasizing the importance of teamwork and specialization. He advises focusing on essential areas like identity management and automation to minimize human error and ensure consistent and secure deployments.
Sean Martin and Michael Mychalczuk also discuss the importance of leveraging technologies such as Kubernetes and container security to manage and secure multi-cloud environments effectively. Mychalczuk stresses the value of robust monitoring tools like ArcSight to detect and respond to threats across these diverse systems, ultimately enabling businesses to succeed securely in today’s fast-paced world. In closing, the emphasis on understanding one’s maturity as a security operations team and aligning efforts accordingly stands out as a key takeaway.
Note: This story contains promotional content. Learn more.
Guest: Michael Mychalczuk, Director of Product Management at OpenText [@opentext]
On LinkedIn | https://www.linkedin.com/in/michaelmychalczuk/
Resources
Learn more and catch more stories from OpenText: https://www.itspmagazine.com/directory/opentext
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Mastering Multi-Cloud Management | 7 Minutes on ITSPmagazine from Black Hat SecTor 2024 | An OpenText Short Brand Innovation Story with Michael Mychalczuk
Sean Martin: [00:00:00] And hello everybody. You're very welcome to a new seven minutes here on ITSP magazine. A short brand story where we're going to talk about multi cloud today coming to you live from sector in Toronto. I'm here with Michael Michalczyk. Well done. Look at that. Well done. Two, two points to me for, uh, for getting that.
Uh, Michael, a brief, uh, brief couple of words about OpenTech.
Michael Mychalczuk: Well, well, thank you for having me on your podcast. Appreciate that. So I'm the director of product management for ArcSight, which for most of your listeners, they'll be familiar with as a longtime sim from what you and I were talking about. So I've done that and I've been a product manager.
Prior to that, I worked for a small, or a telco in the United States, T Mobile. Was Sprint now T Mobile and worked. So I moved from I. T. operations to soft to security to now. My role here is a director of product management.
Sean Martin: Nice one. And you're on a panel today talking about multi cloud and. Uh, you by [00:01:00] far were the most vocal, uh, and I think the audience, uh, was receptive to that as well.
Um, can you give me a view of kind of the state of multi cloud, what some customers are dealing with, uh, there? Right.
Michael Mychalczuk: Yeah, so when we look at our customers, We see a trait that I think many would follow. And that is, they originally did not want to go down that road. They wanted to be in one cloud if they could possibly get away with it.
However, when you looked at, like, how Microsoft has done with how they've moved all the Windows products into Azure, kind of have forced people into that realm, you see kind of the things with Google making a big push on AI, That or by mergers and acquisitions, more and more organizations are just getting forced to having to deal with that problem.
And so now, all of a sudden, they have their on premise state. However big that was, now [00:02:00] they've got a minimum of one and more and more increasingly, they're like Noah's Ark, they've got one of everything it seems like, and now they've got at least all three of them in there somewhere. So we see this happening and we see customers really struggling on how to handle this sudden explosion.
Sean Martin: So years ago I always thought You might deal with the technology in terms of lifting and shifting and getting stuff from one place to another and some transition or transformation there. And that would require different talent and different skills. Talk to me about that. Yeah, I guess. How does that look today?
Michael Mychalczuk: So now what it is is no one person can know all of this. Okay. And we all remember the people in our past who wanted to be the know it alls. Okay. You can't do it anymore. So what I see more and more of our customers and even what I'm having to do in our, with our teams is. Really partner as security operations professionals with our I.
T. Operations teams. Because [00:03:00] why they're having to learn this? They've got those expertise. And now how do we use those relationships to work together?
Sean Martin: And For me, so, I mean, there's so much involved, even just managing one cloud. Right. But now managing multiple, you have the deployment, you're building stuff, you're maintaining it.
Michael Mychalczuk: Right.
Sean Martin: Uh, there are technologies to kind of shim and, and work across them. Uh, Where do you see some of the biggest challenges?
Michael Mychalczuk: So, it's funny because as security professionals, we do, we've gone out of our way to try to reduce the attack surface as much as we can. And now, the business is shoving multiple clouds on us and just exponentially blowing it back up again.
Uh, one of the, the key areas that I see there is around how do you deal with all the human factor? And what I mean by, so like I said, in the ca call or on the stage today, pick your battles. Pick the ones that you, the hills you've gotta die on. [00:04:00] So for me, the big things that I tell people is you're not going to understand all the ins and outs of the clouds.
Understand the key things. Start with identity. If you can't control who has access and what role they have, access everything else underneath, it's gonna fail. Start there. Find your key comp, your technical controls. Make sure all of your clouds have those. Don't try to solve world hunger. Automate.
Automate your templates, so that your business partners can self deploy, but they will always deploy consistently. One of my mentors who taught me architecture said, the minute you have a single human being involved in a process, you have 100 percent chance of failure.
Sean Martin: I wrote that quote down. I was going to do a post for that.
Yeah. But, um, so, we How can we, the human factor of course, but how can we leverage technologies, obviously just Kubernetes and containers and things like that? So, I think we're
Michael Mychalczuk: embracing that. So, one of the things [00:05:00] is, is when, on your, on your side, spend time thinking about how to secure the container. Okay, really give that some thought, because remember, if you get the container security right, lots of other problems kind of solve themselves because of the nature of the container.
So, invest there. Invest in the automations of deployments. You know what you need to deploy in a secure airway. Be vigilant on those, and don't compromise on that. Look, it's going to be boring for your roadmap to say, Make this so we don't get shot. But, the benefits later on are worth it. So, organize there, use technology there, use monitoring like tools like ArcSight, like some others.
There are other options you can choose, but why? Because we know how to monitor these disparate environments and help you detect the threat and respond to it more effectively.
Sean Martin: So, in the spirit [00:06:00] of enabling business to succeed securely, Yeah. Um, How do you see the cloud continuing to transform businesses and how does security play a role in there?
And maybe more pointedly some of the stuff you do with open text to help.
Michael Mychalczuk: Yeah, so I definitely see cloud as being something in the Foreseeable future that companies have to deal with. Do I think cloud makes anything more or less secure? No, but do I think it helps in the bit being a delivering business?
Yes, business. Yes, for, uh, for us, I will wrap it up like this, I would say, know where you are in your maturity as a security operations team. Punch at your weight. Get help on the areas that you don't know. And really line that up carefully. Because now, if you've got that, and now you can be a business enabler, you can help your business partners deliver the services at the speed of business and help them be more [00:07:00] successful.
Sean Martin: Speed of business. That's what it's all about. It is. And speaking of speed, that's seven minutes here on ITSP Magazine. Thanks so much, Michael.
Michael Mychalczuk: My
pleasure.