Computing Webinar: Managing Threat Exposure in a Cloud-Smart World
Fayaz Khaki, Attack Surface Management Practice Lead at Adarma and John Tipton, Senior Cloud Security Consultant at Adarma participated in a webinar with Computing magazine, one of the country’s leading information resources for UK technology decision makers and market news.
In this webinar our experts explore how to get visibility and an understanding of your complete attack surface, thereby enabling your organisation to monitor that attack surface and strengthen defences to ensure robust protection against the ever-evolving threat landscape. Watch the full webinar below for Cloud security insights, guidance and practical advice on how to safely navigate your Cloud journey.
Throughout the Coronavirus pandemic, organisations deployed more and more infrastructure, systems and applications to the Cloud as they enabled an almost entirely remote workforce and stay competitive in conditions the world has never seen before.
Although the popularity of Cloud had been slowly increasing, the pressure of the pandemic forced organisations to accelerate their Cloud adoption. A journey that would normally have taken years was suddenly forced to happen almost overnight. At the time, businesses were more focused on the survival of their company than on the cybersecurity. So, they often prioritised shifting workloads into the Cloud and trying to get back to a sense of pre-pandemic normality.
Cloud tools were often deployed without the proper security policies or guardrails in place, which expanded their attack surface and increased their risk of misconfigurations. As a result, they now struggle to get visibility and understand the nature of their Cloud environment and must grapple with a rapidly expanding attack surface combined with a higher risk of misconfigurations.
In addition to this, many organisations saw their supply chain expand rapidly to integrate with third party organisations in the Cloud, exposing them to further risks. Here are some key takeaways from the webinar that our experts shared with Computing.
Key Cloud security takeaways:
– You cannot secure what you cannot see so end-to-end visibility is key for organisations looking to fully protect their cloud environments. A robust cloud visibility strategy means matters such as application performance issues and security threats can be identified and resolved at speed. Organisations should set out their cloud visibility strategy early on, taking stock of their attack surface and the configuration of systems.
– Organisations need to take stock of their Cloud environment and consider what risks have been introduced by Cloud adoption and what can be done to remediate them. They need to also determine their level of comfort with using Cloud and adopting it into the services and products they want to use. There needs to be more focus on balancing the business needs with cybersecurity.
– Companies need to be aware that even as the data moves to the Cloud it remains their responsibility. Responsibility for their data is not devolved to the Cloud provider; therefore, they must take steps to ensure that access to that data is guarded, monitored and logged. This process can help you to understand whether you have the proper access policies in place, where your data is being held and what your risk footprint is.
– When multiple parties have access to your organisation’s sensitive data, it’s crucial for organisation to know what safeguarding measures third parties are taking. This means that organisations must carry out thorough risk assessments for every new vendor, ensure they are continually monitoring their supply chain security and that the correct security controls are in place.
– Whether it is Cloud or any other type of service that introduces or expands your attack surface, you need to understand the threats that you’re facing. It’s important you understand who the threat actors are, what they’re interested in and how they will attack you. Although it’s impossible to accurately predict the future, this knowledge can help you better anticipate the behaviour of threat actors.
– It’s important you understand how and what you want to deploy will impact your security. There are valid reasons to adopt the Cloud from a business perspective, but it’s important that organisations consider whether they have the resources necessary to support their move to the Cloud, particularly if it’s an accelerated transition. It is important that resources grow proportionally to Cloud environments to ensure that the rush to the cloud doesn’t outpace organisations’ ability to deal with the security issues migration may bring. If in-house IT teams alone are overstretched, organisations may want to consider employing the services of a third party to assist with cloud security.
Watch the webinar to gain a deeper understanding of Cloud security and see the results of the webinar’s interactive poll.
For more advice and tips on how to manage your exposure in a Cloud-smart world, please see our 4-part Cloud Security series.