New Cloud Security Podcast Video: Rajan Kapoor on Email and Workspace Security

In this new video from the Cloud Security podcast, guest Rajan Kapoor, Field CISO at Material Security, discusses recent developments and current challenges in email and workspace security. The conversation covers several key topics, including the transition from email security to a more holistic approach to workspace security, the importance of data visibility and classification, and the practical implications for CISOs and security teams.

Rajan Kapoor begins by explaining that email security has long been focused on preventing incoming threats and detecting threats in transit. However, this traditional approach is no longer sufficient. He emphasizes the importance of protecting data at rest in inboxes and focusing on post-intrusion security. This new perspective includes not only emails but also other components of modern workspaces such as Google Drive, user accounts, and security settings.

A crucial point in the discussion is the interconnection of various productivity tools with emails. For example, co-pilots and virtual assistants can access sensitive data stored in shared files, posing new security challenges. Kapoor mentions that CISOs need to adopt a broader view of workspace security, integrating solutions that provide complete visibility into data and user activities.

The conversation also addresses the differences between Google Workspace and Microsoft 365 environments. Kapoor notes that Google Workspace, often used by younger, cloud-native companies, presents specific challenges related to managing permissions and third-party applications. In contrast, Microsoft 365, often used by companies with hybrid infrastructures, presents challenges related to complexity and the security of legacy infrastructures.

Kapoor stresses the importance of reducing friction between IT and security teams. He suggests that CISOs should adopt tools that facilitate collaboration and reduce the complexity of security operations. For example, instead of replacing one email gateway with another, teams should focus on solutions that offer post-intrusion protection and complete visibility into data at rest.

Finally, Kapoor shares some practical advice for CISOs. He recommends talking to peers to get recommendations on security tools and restructuring proofs of concept to test new security approaches. He also highlights the importance of API-based security, which allows for the retrieval of access to data at rest lost with the adoption of the cloud.

In conclusion, this video provides an in-depth and practical perspective on the evolutions in email and workspace security. It is essential for security professionals looking to stay up-to-date with best practices and new threats.