Aqua Security: Providing prevention, detection, and response

Paul Calatayud is cyber security industry veteran with more than 20 years of experience ranging from Fortune 500 companies to startups. Prior to joining Aqua, he served as Chief Security Officer at Palo Alto Networks and Chief Technology Officer for Firemon. Before that, he held CISO roles at Surescripts, Vesta, and executive roles at UnitedHealth Group and BestBuy. Calatayud holds multiple certifications, including CISSP, CISA, CISM, and GCIH, and has a B.S. in information technology, an M.S. in information security, and a Ph.D. in leadership. 

Can you tell me about Aqua Security? 

Aqua Security stops cloud native attacks. As the pioneer and largest pure-play cloud native security company, we help our customers unlock innovation and build the future of their business. Our platform is the industry's most integrated Cloud Native Application Protection Platform and secures the entire application lifecycle through prevention, detection and response. Aqua was founded in 2015 and is headquartered in Boston, Massachusetts and Ramat Gan, Israel, serving Fortune 1000 customers in over 40 countries.

What is your role and responsibilities at the company? 

In my role as CISO, I lead Aqua’s internal security programme, which means l am responsible for scaling the security programme, shaping strategies to advance innovation in cloud native security and working with customers to enhance their cloud native security posture. I focus on ensuring the integrity and security of Aqua’s solutions, so we can maintain the highest level of trust with our customers as they navigate their cloud transformations.

What is one of the best pieces of advice you have ever received?

The best advice I’ve ever received was to listen and help others without the expectation of getting anything in return. It’s not always as natural for me as I’d like it to be, but I’ve worked to mindfully apply it to my relationships over the course of my career. Not having an expectation of reciprocity really changes so much in regard to your success, because people warm to you. Working to build those relationships and paying it forwards has so many benefits. It’s been more than ten years now since I had to fill out job applications - it’s the relationships I’ve built that get me through the door now.

Is rapid digital transformation and migration to the cloud leaving businesses with gaps in their security?

Yes, it does because that rapid pace of innovation changes the security dynamic, and how security is performed. If you consider the likes of DevOps and automation - all these cloud characteristics create new security gaps. As more and more applications are built and run in the cloud, it’s no surprise that we’re seeing threat actors shift their focus to target cloud native environments. This demands a new approach to security. Many organisations are beginning to understand that cloud native security is not just a ‘nice to have’.

It is projected that cloud native will support more than 90% of new digital initiatives by 2025, so we’re at a critical point where cloud native security must be prioritised by both the security and DevOps teams. Traditional tools are simply not effective, and organisations must seek out solutions that will stop cloud native attacks at every level.

What can organisations do to protect their cloud environments against cyberattacks?

Our 2022 Cloud Native Threat Report found that as companies continue to adopt cloud native technologies at a rapid pace, an increasing number of cyber threats are targeting the cloud native environment. Our research shows that adversaries are adopting more sophisticated techniques, for example, leveraging multiple attack components and shifting attention to Kubernetes and the software supply chain. To defend against these threats, security practitioners, developers and DevOps teams must seek out security solutions that are purpose-built for cloud native. Implementing proactive and preventative security measures will allow for stronger security and ultimately protect environments. To ensure the security of cloud environments, organisations should be implementing runtime security measures, taking a layered approach to Kubernetes security and scanning in development.

What do you see as being one of the top emerging cyber trends this year?

The focus on cloud security is one of the top trends of 2022, in fact, it has also become the number one board-level initiative with organisations spending billions on it. As organisations have undergone digital transformation, the cloud has become an integral and essential part of the business. Thankfully, this shift has been reflected in the security world, and businesses are starting to prioritise keeping the cloud secure. 

Another hot cybersecurity talking point centres around trust and sustainable innovation, which is what it takes for a concept or a technology to catch on and become mainstream. It has to be trustworthy. An innovation becomes mainstream when we blindly trust or accept the tech to do what it’s expected to do.

End-user trust and confidence will continue to determine what takes off in the industry - and in the immediate future, that will continue to be cloud security.