The Security Strategist

Podcast series: The Security Strategist
Guest: Amit Megiddo, CEO and Co-Founder, Native
Host: Richard Stiennon, Chief Analyst Researcher at IT-Harvest
In the recent episode of The Security Strategist Podcast, Amit Megiddo, CEO and Co-Founder, Native, joins host Richard Stiennon, Chief Research Analyst at IT-Harvest, to discuss a growing challenge in enterprise cloud security. Enterprises are investing heavily in cloud providers’ built-in controls, yet risk persists when those controls are not consistently enforced across complex environments.
According to Megiddo, the problem isn't a lack of tools, but a failure to make them work effectively. Drawing on his experience launching Amazon GuardDuty at Amazon Web Services, the Native CEO explains that enterprises have hit a tipping point. The challenge is no longer about visibility. It is about executing at scale across complex multi-cloud environments.
What is the Execution Gap in Cloud Security?
Cloud providers such as Amazon Web Services, Microsoft Azure, Google Cloud, and Oracle Cloud offer a wide range of built-in security features. Yet, as Megiddo points out, most enterprises are only using a small part of what is available.
“The easy part is turning controls on,” he says. “The hard part is making sure they consistently deliver security results.” This is where many enterprises struggle. Security teams create policies, but platform teams carry them out. In the process, vital context is lost. The result is a disjointed approach where risks are identified but not effectively managed.
Megiddo calls this the “execution gap.” It is a fundamental issue in how enterprises handle cloud security. Even with sophisticated CSPM and CNAP tools, organisations remain mostly reactive. They are relying on detection and fixing problems instead of preventing them.
How to Move From Detection to Policy-Driven Enforcement
The podcast spotlights a key shift in enterprise security strategy – moving from detection controls to proactive, policy-driven enforcement. Conventional methods focus on spotting issues—like unencrypted or publicly exposed data—and then starting remediation processes. However, as cloud environments grow, this method becomes untenable.
Megiddo suggests embedding security directly into the architecture:
Preventing non-compliant resources from being created
Designating approved regions for workloads
Enforcing network isolation rules for sensitive environments, such as AI training workloads

This “secure-by-design” approach turns security from a reactive task into a core operational control. However, implementing this is not easy. Enterprises must translate high-level policy goals into thousands of low-level settings across various cloud providers, each with its own APIs, services, and policy frameworks.
“It’s not just about writing the policy,” Megiddo emphasises. “It’s about safely rolling it out, simulating impact, managing exceptions, and ensuring it stays enforced over time.”
It creates new operational needs such as simulation tools, drift detection, real-time developer feedback, and automated exception handling. Essentially, cloud security becomes a continuous process rather than a one-time setup.
Why is the Unified Control System Critical?
The main takeaway for enterprise leaders is that cloud security is no longer just about managing risks; it is becoming an edge in the market. As major providers continue to invest heavily in native security features, the real differentiator will be the ability to coordinate and enforce those tools effectively.
Megiddo’s vision is straightforward: a unified control system that lets enterprises define security intent once and apply it consistently across cloud and hybrid environments.
In an industry shaped by AI, multi-cloud complexity, and rapid digital changes, this ability could determine how quickly—and securely—enterprises can progress. For CISOs and IT leaders, the message is clear: the future of cloud security lies not in observing more, but in doing more—with precision, consistency, and scale.
Key Takeaways
Shift from detection to proactive, policy-driven cloud security to reduce risk.
Multi-cloud across Amazon Web Services, Microsoft Azure, and Google Cloud requires unified enforcement.
CISOs need tools that turn security policy into automated controls.
Secure-by-design cloud architecture protects AI and enterprise workloads.
Strong cloud security execution drives scalability and resilience.

Chapters
00:00 The Cloud Security Landscape
03:11 Challenges in Implementing Cloud Security
08:00 Transitioning to Proactive Security
12:26 The Evolving Role of Security Leaders
16:42 Future Trends in Cloud Security

For more information, please visit em360tech.com and native.security.
Follow: @EM360Tech on YouTube, LinkedIn and X
Native LinkedIn: https://www.linkedin.com/company/native-security/
#CloudSecurity #PolicyDrivenSecurity #CloudEnforcement #MultiCloudSecurity #SecurityByDesign #ExecutionGap #CISOs #TheSecurityStrategist #NativeSecurity #CSPM #CNAP #EnterpriseSecurity #NativeSecurity #AmitMegiddo

If you've ever tried to navigate the FedRAMP authorization process, you already know it's slow, expensive, and tedious when it comes to the documentation. For cloud service providers (CSPs) hoping to sell to the federal government, it has long been one of the biggest barriers to entry. That’s now changing. FedRAMP 20x is the most significant modernization of the Federal Risk and Authorization Management Program in its history and is reshaping how CSPs can achieve compliance.
In this episode of the Security Strategist podcast, Kenny Scott, founder and CEO of Paramify, joins host Richard Stiennon, Chief Research Analyst at IT-Harvest, to unpack what’s changing, why it matters, and how it could redefine the path to federal authorization.
FedRAMP 20x is set to help CSPs approach compliance by cutting costs, reducing timelines, and shifting the focus from paperwork to verifiable security evidence.
What Is FedRAMP And Why Did It Need to Change?
FedRAMP, the Federal Risk and Authorization Management Program, provides a standardised framework for the security assessment, authorisation, and continuous monitoring of cloud products and services used by U.S. federal agencies. In theory, it's a smart idea: one unified security standard that any agency can rely on.
In practice, the traditional process became a bottleneck. Scott puts it bluntly: "FedRAMP's original design had a fatal flaw; it prioritized documentation over deterministic security evidence."
The result? CSPs were spending months, sometimes years, and hundreds of thousands of dollars compiling documentation packages that didn't necessarily make their systems more secure. Agencies weren't getting the real-time, verifiable security assurance they needed. And smaller, innovative CSPs were priced out entirely.
Problems with Traditional FedRAMP
Lengthy approval times as authorisation could take 12–18+ months, delaying market entry for cloud providers.
High compliance costs with smaller CSPs often couldn't afford the financial burden of full FedRAMP authorization.
Documentation overload with extensive paperwork, distracted from actual security practices and outcomes.

FedRAMP 20x
FedRAMP 20x goes beyond a version update; it signals a fundamental shift in how compliance is defined in modern cloud environments. Announced by the General Services Administration, the initiative is designed to make authorizations faster, cheaper, and more meaningful.
Changes in FedRAMP 20x:
Streamlined authorization processes, which means faster pathways to approval, reducing time-to-market for CSPs.
Automation-first compliance that replaces manual documentation with automated, machine-readable security evidence.
Risk-based flexibility that tailors requirements to the actual risk profile of a service, rather than a one-size-fits-all model.

As Scott explains, the shift is from compliance as a paper exercise to compliance as a continuous, evidence-based practice. Agencies want real, deterministic security evidence, and FedRAMP 20x is built to deliver exactly that.
What FedRAMP 20x Means for Cloud Service Providers
For CSPs, the modernization is a double-edged opportunity; those who adapt quickly will gain a significant competitive advantage; those who don't may find themselves falling behind as the compliance landscape evolves.
On the opportunity side, the most immediate impact is a faster time to market. With streamlined approval processes, CSPs can move through authorisation more efficiently and reach federal customers sooner than before. This acceleration is paired with lower compliance costs, as reduced documentation and administrative burden free up resources that can instead be directed toward innovation and strengthening security capabilities. Perhaps most significantly, the changes help level the playing field, enabling smaller CSPs with strong security practices to compete more effectively against larger, established incumbents.
At the same time, these benefits come with new demands. CSPs will need to stay closely aligned with an evolving framework, continuously tracking updates and guidance as FedRAMP 20x matures. In addition, fully realising the advantages of the new model will require investment in automation. Organizations that adopt compliance and security automation tooling will be better positioned to keep pace, reduce manual effort, and maintain consistent alignment with the updated requirements.
If you would like to find out about this visit paramify.com and connect with Scott on LinkedIn.
Chapters
00:00 — Introduction to FedRAMP 20x
13:42 — The Need for Change in FedRAMP
20:20 — FedRAMP 20x: A New Approach
28:27 — Success Stories with FedRAMP 20x

Takeaways
FedRAMP 20x modernizes federal cloud security compliance by replacing documentation-heavy processes with automation and evidence-based security.
The traditional FedRAMP process was slow, costly, and document-intensive — a barrier that limited innovation and market access for CSPs.
CSPs that invest in automation and stay ahead of evolving requirements will gain a clear competitive edge in the federal marketplace.
Kenny Scott and Paramify are at the forefront of helping organizations navigate this shift intelligently and efficiently.

Keeping your organisation’s systems secure can feel like an endless battle. Patch management and vulnerability mitigation are often seen as tedious tasks, but they form the backbone of effective cybersecurity. In this episode of the Security Strategist podcast, host Richard Stiennon and Mike Walters, co-founder of Action1, break down why patching remains challenging and share practical strategies to make the process simpler, smarter, and more effective.
Patch Management Remains a Challenge
Patch management has been a concern since the earliest days of computing, dating back to mainframes and early PCs. Despite technological advances, it remains a "busy work" task that many IT teams find overwhelming.
So what makes patching so hard today? One of the main reasons patching is still so difficult is the constant evolution of IT ecosystems. As Walters explains, "The biggest challenge is the ever-evolving nature of software with different applications, sources, and methodologies."
Operating systems, third-party apps, and custom configurations all require tailored approaches for updates and patches, making uniform processes impossible. Large organisations often have hundreds or thousands of devices, each running different software versions requiring specific patches and testing before deployment. The COVID-19 pandemic has dramatically shifted traditional patching strategies. Pre-pandemic, enterprises could rely on corporate networks and distribution points for patches. Now, a dispersed workforce, VPNs, and hybrid cloud architectures have made remote patching more complex.
As Walters notes, "Remote endpoints become a big challenge. You need network-agnostic solutions that work regardless of whether a device is connected to the corporate network or a coffee shop." Connection issues, bandwidth limitations, and endpoint diversity all impact security teams' ability to apply patches swiftly.
Innovative Solutions for Streamlining Patch Management
To address these challenges, organisations are moving towards more intelligent and automated patching strategies. As Walters puts it, the starting point is simple: automation. By removing repetitive manual tasks, teams reduce the risk of human error and create space to focus on higher-value security work. Done properly, automation allows for scheduled updates, controlled testing, and the ability to roll back quickly if something goes wrong.
At the same time, how patches are delivered matters just as much as when. Large updates can put significant strain on networks if pushed out all at once, which is why approaches like peer-to-peer distribution are gaining traction. By allowing endpoints to share updates locally, organisations can reduce bandwidth pressure and avoid bottlenecks. Flexible “catch-up” windows also ensure that devices which miss an update cycle can still be brought into compliance without disrupting operations.
Modern environments are also driving a shift towards cloud-native, agent-based architectures. Instead of relying on a fixed network or VPN, these agents connect directly to cloud services, allowing patches to be deployed consistently across remote, mobile, and distributed devices. This approach reflects the reality of how people work today, where endpoints are no longer confined to a single network.
Finally, effective patching is as much about control as it is about speed. Progressive rollouts—testing updates on a small group before expanding—help organisations avoid widespread disruption. By identifying issues early and isolating them quickly, teams can maintain stability while still ensuring that critical vulnerabilities are addressed without delay.
Action1’s Unique Approach
Action1’s innovative model offers 200 free endpoints forever with no feature limitations, facilitating all sizes and types of organisations to implement effective patching solutions. By removing entry barriers, Action1 enables organisations to test, scale, and secure their patches more affordably.
As Walters shares, "Offering free endpoints helps small IT teams get started, and as they grow, they stay with the platform."This approach promotes widespread adoption, accelerates security improvements, and creates a community of organisations committed to better vulnerability management.
As cybersecurity environments become more complex and distributed, patching will remain a critical task—if not the critical task—of your security strategy.
If you would like to find out more, visit: https://www.action1.com/
Takeaways
The history and persistent nature of patch management issues
How remote and hybrid work models impact patching strategies
The importance of network-agnostic, agent-based patching solutions
How to leverage automation and orchestration to reduce IT workload
Peer-to-peer distribution to optimise bandwidth during large-scale updates
Developing a phased, ring-based approach to patch deployment
Real-world challenges of patching high-availability systems and remote endpoints
Action1’s unique offer of 200 free endpoints without feature limitations
The significance of thinking like an attacker to anticipate vulnerabilities

Chapters:
00:40 - Mike Walters’ background and company journey
02:00 - Why patching remains a complex, evolving task
04:35 - The need for specialisation and solving patching for good
05:11 - Why patch management feels like busy work and its inherent difficulties
06:44 - Lessons from early vulnerability management experiences
09:38 - Handling patching challenges for remote and mobile users
10:15 - The implementation of agent deployment and catch-up windows
12:22 - Innovative bandwidth management using peer-to-peer distribution
14:55 - The value of automation and trust in large-scale environments
16:50 - Utilising update rings for safer, staged patch deployment
17:45 - Prioritising patching for zero-day vulnerabilities and rapid response
18:43 - Action1’s free tier for small IT environments supporting smaller organisations
21:35 - Practical insights for IT leaders: automation, application patching, and attacker mindset
24:53 - Closing thoughts: automation and proactive attack thinking

The way organizations access and use enterprise data has fundamentally changed. Knowledge workers now operate in browser-based environments, relying heavily on SaaS applications and increasingly experimenting with AI-powered tools to boost productivity.
In the Security Strategist podcast, Chris Steffen, Vice President of Research at Enterprise Management Associates (EMA), spoke with Michael Leland, Field Chief Technology Officer at Island, about the growing cybersecurity challenges associated with browsers, SaaS platforms and AI tools and how organizations can adapt their enterprise security strategies.
While this shift has accelerated innovation, it has also introduced new cybersecurity risks. Sensitive information now flows through consumer browsers, AI assistants, browser extensions and cloud platforms; often outside the visibility of traditional security controls. As a result, enterprise security teams must rethink how they approach data protection, governance and access control in a browser-driven workplace.
Why Browser-Based Workflows Are Creating New Enterprise Security Risks
Enterprise security models were historically built around network perimeters, firewalls and on-premise infrastructure. Today, however, most work happens inside web browsers, where employees interact with SaaS platforms, cloud storage systems and AI tools.
According to Leland, this shift has significantly expanded the attack surface.
“The majority of knowledge workers are accessing business applications primarily via the web, whether it’s a SaaS application or a web front end to a legacy application. But they’ve been doing so in a consumer browser,” he explains.
Consumer-grade browsers were designed for convenience and personal use, not enterprise security. As a result, they often introduce vulnerabilities that can expose sensitive corporate data.
Traditional enterprise controls such as VPNs, secure web gateways and zero trust architectures attempt to mitigate these risks. However, these tools frequently operate outside the browser itself, leaving gaps in visibility and control.
The challenge becomes even more complex when browser extensions are added to the mix. Many extensions request extensive permissions and can access sensitive information inside SaaS applications.
“In the last 18 months, almost 40 per cent of browser extensions published have something to do with AI. Some offer real productivity gains, but the provenance of many of these tools is questionable,” Leland notes.
This growing ecosystem of extensions and cloud tools has created a new security frontier where enterprise data protection must operate directly at the user interaction layer.
How AI Sprawl Is Complicating Data Governance
Alongside browser-driven workflows, organizations are also dealing with a rapid surge in AI adoption. From tools like ChatGPT and Copilot to embedded AI features inside SaaS platforms, AI is becoming a standard part of the modern workplace.
However, this rapid adoption is also creating a phenomenon known as AI sprawl. Knowledge workers increasingly select their own AI tools based on preference or convenience, leading to a patchwork of unsanctioned platforms operating across the enterprise.
“Each knowledge worker may have their own AI tool of choice. So the whole BYO AI—bring your own AI—trend is becoming very real,” says Leland.
While these tools can deliver productivity gains, they also create serious data governance risks. Many AI platforms process prompts and inputs in external cloud environments, meaning that sensitive information could be inadvertently shared or stored outside company-controlled systems. Even seemingly harmless productivity tools may capture user data.
Why Visibility and Data Boundaries Are Critical for Protecting Enterprise Data
With browser usage and AI adoption accelerating, many cybersecurity teams are shifting their focus toward controlling data at the point of interaction rather than relying solely on network-based controls.
One emerging concept is the use of data boundaries—defined environments where organizations can control how sensitive information moves between applications.
A data boundary acts as a secure enclave that determines which applications are trusted and what data can flow between them.
“If you trust application A and application B, you might allow data to move freely between them,” Leland explains. “But you still enforce guardrails that prevent data from leaving that boundary.”
This approach allows organizations to balance security and productivity, an increasingly important consideration as knowledge workers rely on multiple SaaS platforms and AI assistants to complete daily tasks.
Another critical component of modern enterprise security is visibility. Security leaders cannot govern AI tools or protect sensitive data if they do not understand how employees are using them. As enterprises continue to embrace cloud applications and AI tools, protecting sensitive data will require a shift in cybersecurity thinking.
If you would like to find out more, visit island.io
Takeaways:
Establish a secure data boundary to control data flow between trusted applications.
Utilize AI to automate data protection and enhance real-time monitoring.
Foster a culture of security awareness among employees to strengthen your organization’s security posture.

Chapters
00:00 Introduction to Cybersecurity and AI
03:07 The Evolution of Browsers for Knowledge Workers
06:03 Challenges in Enterprise Security
09:04 Balancing Data Protection and Productivity
11:48 Navigating AI Risks in the Workplace
14:59 Understanding AI Sprawl and Governance
17:50 The Role of Presentation Layer in Data Protection
21:10 Real-World Applications in Financial Services
23:57 Final Thoughts on Securing Knowledge Workers

Keeping your organisation’s systems secure can feel like an endless battle. Patch management and vulnerability mitigation are often seen as tedious tasks, but they form the backbone of effective cybersecurity. In this episode of the Security Strategist podcast, host Richard Stiennon and Mike Walters, co-founder of Action1, break down why patching remains challenging and share practical strategies to make the process simpler, smarter, and more effective.
Patch Management Remains a Challenge
Patch management has been a concern since the earliest days of computing, dating back to mainframes and early PCs. Despite technological advances, it remains a "busy work" task that many IT teams find overwhelming.
So what makes patching so hard today? One of the main reasons patching is still so difficult is the constant evolution of IT ecosystems. As Walters explains, "The biggest challenge is the ever-evolving nature of software with different applications, sources, and methodologies."
Operating systems, third-party apps, and custom configurations all require tailored approaches for updates and patches, making uniform processes impossible. Large organisations often have hundreds or thousands of devices, each running different software versions requiring specific patches and testing before deployment. The COVID-19 pandemic has dramatically shifted traditional patching strategies. Pre-pandemic, enterprises could rely on corporate networks and distribution points for patches. Now, a dispersed workforce, VPNs, and hybrid cloud architectures have made remote patching more complex.
As Walters notes, "Remote endpoints become a big challenge. You need network-agnostic solutions that work regardless of whether a device is connected to the corporate network or a coffee shop." Connection issues, bandwidth limitations, and endpoint diversity all impact security teams' ability to apply patches swiftly.
Innovative Solutions for Streamlining Patch Management
To address these challenges, organisations are moving towards more intelligent and automated patching strategies. As Walters puts it, the starting point is simple: automation. By removing repetitive manual tasks, teams reduce the risk of human error and create space to focus on higher-value security work. Done properly, automation allows for scheduled updates, controlled testing, and the ability to roll back quickly if something goes wrong.
At the same time, how patches are delivered matters just as much as when. Large updates can put significant strain on networks if pushed out all at once, which is why approaches like peer-to-peer distribution are gaining traction. By allowing endpoints to share updates locally, organisations can reduce bandwidth pressure and avoid bottlenecks. Flexible “catch-up” windows also ensure that devices which miss an update cycle can still be brought into compliance without disrupting operations.
Modern environments are also driving a shift towards cloud-native, agent-based architectures. Instead of relying on a fixed network or VPN, these agents connect directly to cloud services, allowing patches to be deployed consistently across remote, mobile, and distributed devices. This approach reflects the reality of how people work today, where endpoints are no longer confined to a single network.
Finally, effective patching is as much about control as it is about speed. Progressive rollouts—testing updates on a small group before expanding—help organisations avoid widespread disruption. By identifying issues early and isolating them quickly, teams can maintain stability while still ensuring that critical vulnerabilities are addressed without delay.
Action1’s Unique Approach
Action1’s innovative model offers 200 free endpoints forever with no feature limitations, facilitating all sizes and types of organisations to implement effective patching solutions. By removing entry barriers, Action1 enables organisations to test, scale, and secure their patches more affordably.
As Walters shares, "Offering free endpoints helps small IT teams get started, and as they grow, they stay with the platform."This approach promotes widespread adoption, accelerates security improvements, and creates a community of organisations committed to better vulnerability management.
As cybersecurity environments become more complex and distributed, patching will remain a critical task—if not the critical task—of your security strategy.
If you would like to find out more, visit: https://www.action1.com/
Takeaways
The history and persistent nature of patch management issues
How remote and hybrid work models impact patching strategies
The importance of network-agnostic, agent-based patching solutions
How to leverage automation and orchestration to reduce IT workload
Peer-to-peer distribution to optimise bandwidth during large-scale updates
Developing a phased, ring-based approach to patch deployment
Real-world challenges of patching high-availability systems and remote endpoints
Action1’s unique offer of 200 free endpoints without feature limitations
The significance of thinking like an attacker to anticipate vulnerabilities

Chapters:
00:40 - Mike Walters’ background and company journey
02:00 - Why patching remains a complex, evolving task
04:35 - The need for specialisation and solving patching for good
05:11 - Why patch management feels like busy work and its inherent difficulties
06:44 - Lessons from early vulnerability management experiences
09:38 - Handling patching challenges for remote and mobile users
10:15 - The implementation of agent deployment and catch-up windows
12:22 - Innovative bandwidth management using peer-to-peer distribution
14:55 - The value of automation and trust in large-scale environments
16:50 - Utilising update rings for safer, staged patch deployment
17:45 - Prioritising patching for zero-day vulnerabilities and rapid response
18:43 - Action1’s free tier for small IT environments supporting smaller organisations
21:35 - Practical insights for IT leaders: automation, application patching, and attacker mindset
24:53 - Closing thoughts: automation and proactive attack thinking