
Michael Schlüter is the Chief Information Security Officer at SWICA, one of the leading health and accident insurers in Switzerland. Michael is responsible for ensuring the protection of particularly sensitive personal and health data in a regulated and highly digitalized environment. He gained his in-depth technical and organizational experience in dealing with cyber and information security risks at large Swiss financial institutions, for which he worked for over 12 years, primarily in the area of network security and in the CISO office. Michael’s academic background includes a Master of Science in Business Information Systems from FHNW and a Diploma of Advanced Studies in Cyber Security from ETH Zurich. As a member of the board of directors of an IT service provider, he strives to increase security as a managed service for SMEs on a broad scale and with adequate financial commitment. Michael was awarded Future Leader at the Swiss CISO Awards during the Global Cyber Conference 2023. 

Enjoy our interview with Michael, in which we discuss zero-trust architecture, effective cloud governance frameworks and AI, among other topics.

What are the biggest challenges organizations face when implementing a multi-cloud security strategy?   

The multi-cloud approach offers advantages, particularly in terms of reliability or protection against vendor lock-in, but the challenges should not be underestimated. For example, specialists who can manage the cloud and ensure its operation are already rare or difficult to find. Central services such as security must also be orchestrated across all platforms, and measures are often implemented differently in multi-clouds. Services and software must be built in a platform-agnostic way in order to be able to be operated in other environments. This can lead to challenges.

How does zero-trust architecture redefine perimeter security in cloud environments? 

In principle, the use of cloud or non-cloud is irrelevant when it comes to zero trust. However, zero trust is very fundamental for the cloud environment, as a classically secure corporate network (with perimeter protection) no longer exists in the same form and services are used at different levels (IaaS/PaaS/SaaS), which are also usually exposed on the internet. Protection must therefore be ensured by other means – connections must be continuously checked. 

What are the critical components of an effective cloud security governance framework?

The guidelines, objectives and business requirements must be clearly communicated and implemented by the responsible teams in a continuous process. The security culture of all those involved is fundamental, even if centralized and decentralized enforcement of governance alternate.  

In addition, the governance components of the cloud must be used and operated correctly to ensure a secure environment. This also includes active management of the security tools, which must be adapted regularly. The high level of visibility generates a lot of information that needs to be processed. 

In what ways can AI be a game-changer in incident response and crisis management?

In incident or crisis management, comprehensive information, correct interpretations and quick decisions are the key to success. AI can therefore take over the processing and analysis of data, prepare/recommend decisions and thus bring about fast and correct decision-making and ultimately the prompt resolution of incidents. With increasing maturity and trust in AI, certain steps can also be automated. However, the basics must still be in place: e.g. a correct/complete data basis.

How do you see AI transforming the role of cybersecurity professionals in the next decade?

AI-supported tools can carry out complex research work and analyses, some of which are carried out manually today, in the shortest possible time. Quality can be increased because comprehensive data analyses, including the integration of threat intelligence information, can be carried out in a short space of time. The role of the cyber security analyst can therefore evolve from mainly research work and routine tasks to more in-depth analyses, risk assessments or generally more proactive than reactive work.