07-16-20 - Look How Fast the Cloud Can Expose Sensitive Data
This week's episode of Defense in Depth
Securing a Cloud Migration
On this episode of Defense in Depth:
Co-host Allan Alford and sponsored guest, Sandy Bird, CTO and co-founder, Sonrai Security, discussed:
You can't just migrate to public cloud and secure things like you secure your on-premise servers and applications. You have to think cloud-native in all security decisions.
Cloud migrations intensify the focus between data and identity.
"Security as an afterthought" is never a good plan. Those who succeed build security into the migration. Don't let IT broker a deal to migrate to cloud and then bring in cyber after the fact.
In the cloud, knowing where your data is is one step; securing the data is another.
Data comes with a multitude of variables: the API controls on the data, who has access through those APIs, whether the data is cloned or cached, and how permissions to that data are being adjusted.
Start by knowing who and what should access your data and build your controls from there.
The people side of securing cloud migration is critical. If your staff is not properly trained, a single mistake can be extremely expensive.
Speeds in the cloud, especially if you've got a DevOps and CI/CD approach, can make problems move at lightning speed. There's a need for automation and to continuously monitor your controls and coverage. Get ahead of problems.
DevOps learned the fail-fast technique, but also the ability to recover quickly. If security wants to play as well, it has to develop the same strategy and tools.
Thanks to this week's sponsor of Defense in Depth, Sonrai Security.
Identity and data access complexity are exploding in your public cloud. 10,000+ pieces of compute, 1000s of roles, and a dizzying array of interdependencies and inheritances. Sonrai Security delivers an
that identifies and monitors every possible relationship between identities and data that exists inside your public cloud.
TOMORROW, Friday [7-17-20], Hacking Active Directory
for an hour of critical thinking on the key business service that’s got serious vulnerability issues with my guests Chris Roberts, hacker in residence, Semperis, and Norman Hunt, deputy CISO, GEICO.
As always, we'll have an active chat room and we'll be playing our best bad idea game, "Department of YES". It all starts at 10 AM PT/1 PM ET. Immediately after the video chat we'll have the CISO Series Meetup, where everyone will have 1-on-1 meetings with fellow cybersecurity professionals. Huge thanks to our sponsor, Semperis. Register for our future Friday video chats.
Best Moments from "Hacking Passwords" Video Chat
Here are seven minutes of the best moments of last week's "Hacking Passwords: An hour of critical thinking on eliminating password failure and improving access".
Joining me were:
Ori Eisen, CEO, Trusona
Alex Manea, former CSO, Blackberry and now chief security and privacy officer, Georgian Partners
You can watch the entire episode here.
Thanks to our video chat sponsor, Trusona