
Alberto Ruiz Rodas
I had the pleasure of opening this interview series for our cloud community with Alberto Ruiz Rodas, a master and commander of the security field. We spoke about digital transformation in Spain and Portugal, cloud providers, typical security issues, the trend towards remote desktops, how to adopt security for disruptive technologies on the public cloud, and the challenges of PaaS and serverless.
DIGITAL TRANSFORMATION
OK, I want to clarify; I just want to explain the current situation in Iberia, let's say Spain and Portugal. Regarding digital transformation, companies are accepting the new scenario; they know it's convenient for their business. It took some time until many companies could understand that it is a must to protect desktops, or their access to the Internet through a router.
So the first approach was to use a VPN to connect to their companies and offices, but, for example, there are some tools on the Internet that are quite simple for scanning vulnerabilities; some people use them for security scanning, and we can call them "Google for Hacking" in a funny way. Well, when the lockdown started in Spain, the number of Terminal Servers and RDS with port 3389 open to the world and exposed to the Internet without any kind of protection increased a lot in just a matter of days.
Really, it took many years for people to think about this problem seriously; right now a lot of companies and public institutions are concerned about security. But as you can see with this example out there, you still have to struggle with many people who go on without paying the proper attention to it.
Another example: there is a company with old eighties systems for several tasks related to data transformation, which some employees consult using a simple "Telnet" command over the Internet. The access to those systems was forwarded through their telco router, and the customer even says "we never ever had a security issue". Terrifying if you think that this happens, and even more so considering there are between 30,000 and 40,000 RDP accesses in Spain open and ready to be attacked. There are two which are XP boxes. In some cases, we at Sophos are providing some patches and security tools to OT (Operational Technology) in factories. That's understandable. But if you are exposing desktops like this one, please take care of it.
REMOTE DESKTOP & TELEWORKING COMBINED WITH THE RIGHT SECURITY
There is a tendency to provide VDI platforms to facilitate, let's say, bring-your-own-laptop (BYOL) solutions in the private and public sectors as well. I want to believe that the security vector is intrinsic to VDI. I have some customers with VDI farms to make work easier for public servants, so they can connect with their PCs at home without losing security, or, in the private sector, others using thin clients.
However, VDI requires protection, even if you are going to shut down and start your virtual desktops each day. If hackers can compromise a VDI platform you are at risk, as they'll have access to sensitive data, so pay attention to patching and maintain next-gen antivirus software; even if you face a zero-day vulnerability, it's important to react quickly, and next-gen protection will protect you against these new threats.
NEW PUBLIC CLOUD SECURITY CHALLENGES
The public cloud is providing new technologies and features that weren't on the private cloud. For example, for us there are some APIs which can be very well integrated with the cloud providers. Most customers are combining cloud providers, so we bring value to all of them, for example by monitoring security very efficiently in a multicloud environment. Sophos believes in the cloud: Sophos can roll out Sophos XG Firewalls massively on Azure or AWS, and as soon as the instances start they are autoconfigured with the adequate protection, for example Sophos Endpoint and Server next-gen protection, adding security posture management tools like Sophos Cloud Optix to provide the right governance on those platforms.
Also, the containers world, and in particular Kubernetes, is for us a strong goal and a new reality, so we can protect and integrate everything in this new strategy that Sophos is delivering to its customers globally.
We have a Cloud division within Sophos that can assist our company worldwide. For me it's a challenge, the awesome evolution of the public cloud, just based on IaaS some years ago, compared to nowadays with serverless, RBAC and IAM features, etc. It is a new reality for all of us to adapt to. Gartner says the public cloud has come to stay.
Also, I want to point out one fact: there is a new issue, "misconfiguration". It's quite curious, but Gartner says that until 2022 mostly 99% of security issues on the public cloud come or will come from an administrator's misconfiguration of their own cloud platform, not from the cloud platform itself. Let's say I buy my VMs on the public cloud as pay-as-you-go, but 99% of security issues come from my own IT team. Our posture management tool can leverage security, monitor and provide hardening for storage exposed to the Internet or external access configured without protection by someone. For instance, a typical misconfiguration is a public bucket on S3 (a storage component in AWS) with sensitive information exposed to everyone on the Internet. It is quite well known that companies gathering private data from customers or people had those buckets open to the world. A very clear data leak, even more so when, by default, when you create a bucket on S3 there are private permissions for publishing the data to the Internet. Or even if you create a Mongo DB on Azure, some administrators allow some open queries to it.
HYBRID CLOUD AND THE TENDENCIES FOR THE FUTURE
The private cloud will be combined with the public cloud, but in the coming years I expect a merge between both of them. It is awesome how the public cloud is providing instances in any region, and maybe I have CPU in the USA and storage in Ireland. That brings you an exceptional data resilience that is very difficult to achieve with the private cloud.
WHAT BENEFITS CAN SOPHOS BRING IN TERMS OF SECURITY IN THE PUBLIC CLOUD
First of all, we have to be focused on governance and control in the cloud. With "Cloud Optix", which can extract data from several APIs, we can get a very global view of network diagrams and understand in depth the traffic between the instances, or even inside those instances, and trigger alerts when some components are receiving traffic which is not allowed for them within those machines. So with ML and AI we can evaluate or somehow foresee what kind of service is running and understand weird traffic increases, to mention some actions. Another example: in DevOps platforms, and specifically with IaC (Infrastructure as Code), how can we know that those templates are solid and correct in terms of security? We have integration with Jenkins, GitHub, Bitbucket and Terraform to verify that definitions and variables are adequate and there is no risk for the company before they deploy such infrastructure and automate its use.
Accordingly, when we have governance and control over all the components on the public cloud, the best practices, for example in Azure, say please don't expose your services to the Internet and use firewalls. In that area we have adapted our firewalls to the cloud. If you check the marketplace you will see Sophos firewalls to buy as pay-as-you-go or even BYOL. These days we had some customers demanding to increase dramatically VPN access to their IT infrastructure remotely, and the best way to achieve it was to set up automation and deploy firewalls (virtual appliances) massively.
To summarize, we provide as a first approach management and governance of the components in the cloud, as a second approach access control with VPN, and finally, as a last approach, security internally in any component the customer is configuring. We call that "Synchronized Security"; I've heard about this concept since 2015 at the international Sophos event, and today it is our true cornerstone in terms of security.
All the actors I've mentioned before, our security posture management tool, our firewalls and those security components in each instance, can speak to each other. It makes no sense that a VM that is compromised, or at least at risk, can maintain connectivity and allow some traffic with other VMs in the same subnet or other networks. So the firewall should protect against this suspicious VM and cut all that traffic. But also, the other VMs/instances in the same network segment will be notified and won't accept traffic from the attacked instance, making a true isolation scenario until the incident is resolved.
Finally, before this interview we spoke about the productive cloud: we can provide a Sophos cloud specifically designed with our antispam, called Sophos Central Email, and antimalware or antivirus tools to protect other clouds. We can rapidly be integrated with other cloud providers' DLP solutions so we can block or encrypt data; we can prevent users from clicking malicious links, anti-phishing or CEO attacks, sandboxing, etc. But keep an eye on this, as our sandboxing is a cutting-edge technology and the most relevant player in the market according to many benchmarks and professional product analysts. That technology can be used for free thanks to SophosLabs Intelix, an API that permits static and dynamic fine-grained analysis.
An important fact is that we synchronize all our security components together; they work like a soccer team. For instance, if we detect a user sending spam or malicious data, our Sophos Central Email can block these mails, Sophos Endpoint will isolate the PC's connectivity to other computers on the same network, combined with the XG Firewall, which notifies the situation to the rest of the machines, other network segments or the Internet, and very quickly we can deny traffic during the incident; as a consequence we will trigger an automatic scan to verify the victim computer is clean.
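As an added illustration of two points raised above, the public S3 bucket in the misconfiguration section and the IaC checks that catch world-exposed RDP or Telnet before deployment, here is a small Python checker. It is example code, not part of the interview or of any Sophos product; the bucket policy and the Terraform-style ingress-rule field names are constructed assumptions.

```python
# Added example, not code from the interview or from Sophos. It implements two checks
# of the kind a posture-management or IaC pipeline step runs before deployment. The
# S3 bucket policy and ingress rules below are constructed samples with assumed field names.
from typing import Any

ADMIN_PORTS = {23: "telnet", 3389: "rdp"}   # the exposed services the interview mentions
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

def _wildcard_principal(principal: Any) -> bool:
    """True when a statement applies to everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False

def public_statements(policy: dict) -> list[str]:
    """Sids of Allow statements open to any principal with no Condition narrowing them."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts   # a single statement may be bare
    return [s.get("Sid", f"statement-{i}") for i, s in enumerate(stmts)
            if s.get("Effect") == "Allow"
            and _wildcard_principal(s.get("Principal"))
            and not s.get("Condition")]

def world_open_admin_ports(ingress: list[dict]) -> list[str]:
    """'port/name' for ingress rules exposing Telnet or RDP to 0.0.0.0/0 or ::/0."""
    hits = set()
    for r in ingress:
        cidrs = set(r.get("cidr_blocks", [])) | set(r.get("ipv6_cidr_blocks", []))
        if not cidrs & WORLD_CIDRS:
            continue
        # protocol "-1" means all traffic, so every port is in range
        lo, hi = (0, 65535) if r.get("protocol") == "-1" else (r["from_port"], r["to_port"])
        hits |= {f"{p}/{n}" for p, n in ADMIN_PORTS.items() if lo <= p <= hi}
    return sorted(hits)

# Constructed samples: a policy with one public statement and one VPC-limited statement,
# and a security group that opens RDP to the world but Telnet only to an office range.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0example"}}}]}
SAMPLE_INGRESS = [
    {"protocol": "tcp", "from_port": 3389, "to_port": 3389, "cidr_blocks": ["0.0.0.0/0"]},
    {"protocol": "tcp", "from_port": 23, "to_port": 23, "cidr_blocks": ["203.0.113.0/24"]}]
```

Running `public_statements(SAMPLE_POLICY)` reports only `PublicRead`, and `world_open_admin_ports(SAMPLE_INGRESS)` reports only `3389/rdp`, which is the kind of finding a pipeline gate would fail on.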
SOPHOS STRATEGY – VERTICALS OR CLOUD PROVIDERS
Sophos wants to be agnostic across all the cloud providers; we want to make the admin's life easier. Regarding verticals, our solutions are open to all verticals, the same whether it's industry, public instances, etc. What's important for us is to be flexible and have scalability.
SHARED MODEL RESPONSIBILITY ON THE CLOUD
With "Cloud Optix" we can leverage the customer's trust in the public cloud on IaaS or PaaS. To be honest, it is not the responsibility of the customer or of the cloud provider alone but a mix of both, and we can somehow be the glue between them.
For serverless, it is clearly a security challenge; Sophos can protect the containers or container orchestrators and provide log analysis for them.