In The Boardroom With...

Cristina Gillaspie

SecuritySolutionsWatch.com:  Thank you for joining us today, Cristina. One will read at CloudShyft, that your solution is a“OneStop Cloud Shop….for moving, operating, and securing your business in the cloud.” Before drilling down into CloudShyft services a bit further, please tell us about your background and may we have a brief company history?

Cristina Gillaspie: Before starting CloudShyft, I had the pleasure of standing up the first authorized commercial cloud access point(CAP)in the DoD. I also led several projects that were some of the first accredited cloud projects in the DoD. I started a small disadvantaged women-owned business specializing in cloud solutions. We’ve been in business since January 2018.

SecuritySolutionsWatch.com: Please tell us about CloudShyft servicesand what is the unique value proposition that CloudShyft delivers to your customers?

Cristina Gillaspie: CloudShyft’s unique value position is in getting from talking conceptually about cloud to getting it implemented. This is often an enormous sticking point as it is still“new”to leadership and poor implementations can cause both financial and technical issues. All organizations have different needs, so there is not a one-size-fits-all approach. CloudShyft focuses on the assessment of a business’s requirements and the suitability and planning that goes into migrating an enterprise’s applications securely to a cloud service.

SecuritySolutionsWatch.com: Seems to us Cristina that your timing is incredibly good for CloudShyft at this moment in time. We’ve all seen the recent headlines regarding the Marriott breach,  Cryptolocker - NotPetya - WannaCry, Equifax, Ticketmaster, Uber, My Heritage,  Orbitz,  and the ransomware attack on the city of Atlanta. Your thoughts?

Cristina Gillaspie: I can’t stress enough the importance of securing your data in the Cloud. In DoD and the Federal Government, cloud solutions must comply with minimum cybersecurity standards that are described in NIST Guidelines. The advantage and disadvantage of this guidance is its flexibility. The guidance lists goals, however demonstrably achieving those goals is up to the individual system owner. This gets even more complicated with the type of data stored. For instance, health institutions have HIPAA; there is a multitude of rules for protecting personally identifiable information(PII)and, of course, different levels of data classification.

If leveraged properly Commercial Cloud solutions can flexibly and cost-effectively enhance the security posture of the organization by taking advantage of technologies that would be excessively prohibitive to deploy for any but the largest groups, taking advantage of Commercial Cloud provides additional means to protect data, enhance your access control, accountability, identification and authentication, system and communications and more. The problem with the flexibility is that there are many ways to solve for security controls and matching the solution to the organization's mission is CloudShyft’s primary focus.

CloudShyft helps to navigate the assessment and design of the forward facing solution. The best practices in protecting government systems also apply to commercial entities. Regardless of whether the group is Federal or Commercial, the CloudShyft goal is to be proactive in defense by taking advantage of Cloud technology and also in ensuring the organization knows they play a critical role in the protection even after transferring. Cyber Security tends to be an afterthought in most organizations with little attention paid until a bad agent exploits a vulnerability. It is a shame that it takes an attack to spur a company to practice good security hygiene and, at that point, it’s often too late.

SecuritySolutionsWatch.com: We understand that CloudShyft has recently entered into a strategic relationship with Xiid.com. Please tell us more, Cristina….why Xiid?

Cristina Gillaspie: I am always excited when I see technology that offers an innovative approach to dealing with issues. When a group extends their system into the cloud, there is an enormous advantage for collaboration by allowing login through the cloud system. However, the current best practice is to extend the Active Directory sign-on process into the public cloud. This increases the attack vectors of groups leveraging collaboration, and frankly, that is one of the most valuable parts of cloud solutions.

Xiid is currently the only vendor that offers a one-way single sign-on solution for identity management meaning that Xiid only leaves a request queue in the cloud with only an outbound connection to it performed by an unreachable on-premise agent. There is virtually no external attack surface for hacker’s to exploit and it supports single sign-on with CAC and PIV authentication. By only allowing twice-encrypted and twice-digitally-signed, JSON signaling data back through this outbound channel through the firewall, the chance of compromise is greatly reduced. This is critical as it allows more control by keeping the login information safely behind the organization’s firewall.

The 2017 Data Breach Investigations Report from Verizon stated that outsiders perpetrate 75% of breaches and 51% involved organized criminal groups. If the bad actors can’t“see”a system to attack either because of port closure or encryption, then they can’t even use tools like password hackers since there is nothing to run them against.

Xiid from what I have seen is unique in protecting the Active Directory or LDAP login in the hybrid cloud environment. Xiid works in collaboration with organizational boundary protection tools. When combined with strong internal protections, Xiid reduces an organization’s risk significantly.

With Xiid, you are looking at the capability to orchestrate microservices across hybrid and multi-public cloud environments with a single sign-on. It also allows for traceability back to the user. From an identification and authentication perspective, this is huge.

SecuritySolutionsWatch.com:  Any other partnerships, pilots,“wins”,or success stories in the pipeline you care to mention?

Cristina Gillaspie: I am very excited about my recent partnerships with DLT, Insight, and Intelisys. This ecosystem of IT providers allows CloudShyft maximum flexibility in providing cloud services, connectivity, hardware and licensing at a good price point for our customers.

SecuritySolutionsWatch.com: What are your key target markets?

Cristina Gillaspie: My key target markets are system integrators and start-ups. I want to make it easy for an enterprise to assess, plan, acquire and implement cloud services.

SecuritySolutionsWatch.com: As we head into 2019… what lies ahead for CloudShyft?

Cristina Gillaspie: I want to focus on growth for CloudShyft in the coming year. There are several opportunities in the pipeline that I would like to occur in 2019, so keep your fingers crossed for me.

SecuritySolutionsWatch.com: Thanks again for joining us today, Cristina. Any other subjects you’d like to discuss?

Cristina Gillaspie: Thank you for having me. I appreciate you reaching out.