
Closing security gaps in multi-cloud and SaaS environments

by admin
May 21, 2025
in Cloud Security


In this Help Net Security interview, Kunal Modasiya, SVP, Product Management, GTM, and Development at Qualys, discusses recent Qualys research on the state of cloud and SaaS security. He talks about how siloed visibility, fragmented tools, and a scarcity of incident response expertise leave organizations vulnerable to misconfigurations, account hijacking, and other threats.

Modasiya explains that only a unified, context-aware security strategy can consolidate risk insights, close remediation gaps, and align with how businesses build and operate applications.


Based on what you’re seeing out there, do you think most organizations are realistically ready for the complexity of securing multi-cloud and multi-SaaS environments?

Not yet. While cloud and SaaS adoption is accelerating, most organizations still struggle with the complexity of securing them. Based on recent research we commissioned with Dark Reading on the state of cloud and SaaS security, key challenges include the shortage of incident response expertise (49%) and persistent issues like human error — still the #1 source of breaches — such as misconfigurations, which highlight the difficulty in hardening environments proactively.

Siloed visibility and fragmented tools are major roadblocks. Over 60% of teams can’t correlate findings across their cloud and SaaS environments, making it harder to assess risk or respond effectively. As newer technologies like containers and AI workloads enter the mix, these gaps widen — many companies can’t even identify what AI tools are running in their environments.

Ultimately, traditional approaches don’t scale in this new landscape. Security teams need unified visibility, context-aware risk insights, and better collaboration across SecOps, CloudOps, and DevOps to keep pace.

One in four companies experienced a cloud or SaaS breach last year. Are we underestimating the risk, or just failing to operationalize what we know?

It’s a mix of both. Many organizations are underestimating the risk — especially as the nature of attacks evolves. Traditional behavioral detection methods often fall short in recognizing modern threats such as account hijacking, phishing, ransomware, data exfiltration, and denial of service attacks. Detecting these kinds of attacks requires correlation and traceability across different sources including runtime events with eBPF, cloud audit logs, and APIs across both cloud infrastructure and SaaS.

At the same time, there’s a major gap in operationalizing risk in three main areas.

  • For risk measurement, teams struggle to move beyond CVSS and leverage more accurate risk scoring that incorporates business context and exploitability (like attack paths).
  • For risk prioritization, especially in containerized or dynamic environments, most lack the tools to cut through the noise and focus on what really matters.
  • Risk remediation is still too slow. Siloed patching processes, lack of automation, and fear of breaking production systems often delay crucial fixes.

Until organizations mature across all three areas, we’ll continue to see breaches persist — even when the indicators are already there.

What kind of DFIR capabilities should security leaders prioritize for hybrid and cloud-heavy environments?

In today’s hybrid and cloud-heavy environments, effective DFIR (Digital Forensics and Incident Response) requires moving beyond traditional methods. Security leaders should prioritize using the following five capabilities:

1. Deep Learning–driven Threat Detection
As attackers adopt stealthier tactics — from GenAI-generated malware to supply chain compromises — traditional signature- and rule-based methods fall short. Deep learning–based anomaly detection is crucial to identify zero-day threats and subtle behavioral deviations that legacy tools may miss.

2. Runtime Security with eBPF
As attacker dwell times increase, security teams need real-time telemetry and enforcement. eBPF-powered runtime monitoring provides kernel-level visibility, enabling detection of malicious activity as it unfolds — and reducing time-to-response from hours to minutes.

3. Attack-informed Vulnerability Prioritization
CVSS scores alone don’t reflect the true risk to your business. By combining attack path intelligence, exploit traits, and business context, organizations can cut through the noise and focus on the vulnerabilities that cause the most risk to the organization — especially in ephemeral cloud and containerized environments.

4. Unified Forensics Across Hybrid Environments
Cloud, on-premises, and SaaS ecosystems all produce fragmented data. DFIR success hinges on centralized visibility and correlated telemetry that enables rapid investigation and root cause analysis — across all environments, in a single place.

5. Automated Response and Containment
Manual containment slows response and increases risk. Automated workflows — from isolating infected assets to launching remediation actions — reduce dwell time, human error, and business impact.

By adopting these capabilities, organizations can elevate DFIR from reactive cleanup to proactive risk mitigation.

What does a unified cloud and SaaS security strategy look like in practice? What are the foundational elements?

A unified cloud and SaaS security strategy means moving away from treating infrastructure, applications, and SaaS as isolated security domains. Instead, it focuses on delivering seamless visibility, risk prioritization, and automated response across the full spectrum of enterprise environments — from legacy on-premises to dynamic cloud workloads to business-critical SaaS platforms and applications.

Based on industry data and what we’re seeing in the field, strategy requires these foundational elements:

1. Hybrid Cloud Visibility
46% of organizations cite limited visibility into cloud or hosted environments as a top challenge. That’s why any unified strategy must provide continuous, correlated visibility across on-premises, public cloud, and SaaS. Without this, blind spots persist — especially where misconfigurations, vulnerabilities, and lateral movement risks span environments.

2. Flexible, Context-Aware Scanning
Today’s workloads are diverse — long-lived servers, short-lived containers, legacy applications in DMZs, and serverless functions. A unified approach must support flexible scanning methods tailored to workload type, deployment model, and business criticality. Static, one-size-fits-all scanning leaves too much risk undetected and breaks compliance.

3. Multi-dimensional Approach to Risk Prioritization
Effective cloud security prioritization requires more than just vulnerability scores. By correlating indicators like public exposure, exposed secrets, identity misconfigurations, and network reachability—and mapping them through an attack path—teams can determine which risks are truly exploitable. This allows teams to focus on issues with the greatest blast radius and business impact.

4. Integrated, Automated Remediation
With 49% of respondents citing a lack of skilled manpower and 40% noting limited automation capabilities, security teams need more than alerts — they need action. Integrating remediation into workflows, leveraging pre-built playbooks, and enabling guided or autonomous patching can significantly reduce MTTR and operational burden.

Patching struggles are real: 39% of organizations report having difficulty patching web applications, while 23% cite delays in cloud risk remediation. Automating remediation is not optional — it’s crucial.

5. Correlated SaaS and Infrastructure Risk
Many SaaS applications operate on shared cloud infrastructure. Yet teams often manage SaaS security posture (SSPM) and infrastructure misconfigurations (CSPM) in silos. A unified strategy must correlate these risks — helping teams understand how a misconfigured Google Workspace account could expose cloud storage or lateral movement paths.

6. End-to-End Lifecycle Security: From Build to Runtime
Security must be embedded throughout the DevOps lifecycle. 46% of respondents highlighted overly broad access for developers, while 32% cited insecure images. Pre-deployment checks (CI/CD scanning, IaC validation) and runtime controls (e.g., eBPF-based threat detection) are both crucial. Equally important is enforcing checks even when pipelines are bypassed, which happens more often than teams realize.

7. Flexible Licensing to Support Modernization
39% of organizations face budget constraints — and rigid, consumption-based licensing often becomes a blocker to cloud security maturity. A truly unified platform supports application modernization by enabling resource flexibility (e.g., shifting license entitlements from on-premises virtual machines to containers or serverless), without forcing re-purchases.

The bottom line is a unified strategy consolidates risk insights, closes remediation gaps, and aligns with how modern businesses build and operate applications — helping teams move from fragmented security efforts to a proactive, risk-centric operating model.

What’s your view on balancing native CSP/SaaS telemetry with in-house or third-party tools?

Native CSP and SaaS telemetry is crucial, but it’s not enough on its own. Continuous inventory and monitoring across identity, network, compute, and AI is crucial — especially to detect misconfigurations and drift. With 30% of breaches tied to human error, often from insecure infrastructure as code or excessive privileges, organizations need full code-to-cloud visibility.

At Qualys, we integrate native CSP scans via APIs and enrich them with our own vulnerability and threat intelligence from over 25 threat feeds — giving customers deeper, prioritized insights that neither source could deliver alone.

What’s one actionable step you think every security team should take right now to improve their cloud and SaaS defense?

Establish a unified inventory of all cloud, containers and SaaS assets — and map each to business context and risk.

You can’t protect what you don’t know about. Yet most teams still lack a single, living view of what assets they have across multi-cloud and SaaS — let alone which are externally exposed, misconfigured, or business-critical. Start by consolidating cloud provider APIs, SaaS integrations, and threat telemetry into one risk-aware asset inventory. Then use that foundation to drive prioritization and remediation workflows.
