- CISO Series Newsletter
[07-20-23]--How Do We Get Better Control of Cloud Data?
Super Cyber Fridays!
Join us Friday, July 21, 2023, for “Hacking 5G Security: An hour of critical thinking about the looming explosion of IoT on 5G networks.”
It all begins at 1 PM ET/10 AM PT on Friday, July 21, 2023 with guests Kevin McNamee, security product manager, Nokia and Howard Holton, CTO and industry analyst, GigaOm. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, Nokia
Defense in Depth
How Do We Get Better Control of Cloud Data?
When it comes to data, compliance, and reducing risk, where are we gaining control? Where are we losing control? And what are we doing about that?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. Our sponsored guest is Amer Deeba, co-founder and CEO, Normalyze.
There’s a love/hate relationship between security professionals and cloud data. Cloud delivers "amazing telemetry that enables discovery, classification, and tagging of data," said Brendan Hannigan of Sonrai Security. This improved tooling “is due to the considerable standardization in building blocks that CSPs offer with their services,” said Evan Morgan of Ally. But at the same time, that standardization of building blocks does not result in equal capabilities, and that puts you at the mercy of the cloud provider’s tooling, he added. And Hannigan also complained about the identity management issues. The complexity results in unknowingly giving access to your data to people who shouldn’t have it.
Too much control often results in too much confusion. While cloud providers do give you control, users are having a hard time managing it. As a result, they rely on default settings, which have a history of lots of security holes. Gabe S. of PDC Technology feels that even though cloud providers have a vested interest in their customers’ security, they’ve dropped the ball on default settings. The confusion also results in a lack of standardization across cloud providers. "In theory, we often gain more control in cloud data through centralized management and automation,” said Dr. Magda Chelly of Responsible Cyber Pte. Ltd., "However, in practice, losing control occurs when dealing with multiple cloud providers and inconsistent security measures, which unfortunately happens often.”
“‘Losing control’ is inevitable as we de-centralize and distribute systems and processes,” admitted Raj Krishnamurthy of ComplianceCow. “It’s a simple thing for any number of teams to set up a SaaS to just spew data wherever they want,” said Steven Smith of Zwift. “This is extremely difficult to work with at scale.”
So many capabilities, so much information, and so little time to become an expert on it all. "Discovery and visibility tools have come a long way—surfacing unnecessary privileges, unsanctioned SaaS apps, or misconfigured cloud workloads,” said Mike Van Orden of Emanate Security Inc. "But there can be so many alerts that security teams often don’t have the bandwidth to share them with the right users.” On top of that, we struggle with technology’s pace. "It is hard to keep up with the new offerings and features in the cloud platform and understand the security implications as companies rush to the market with a shiny product or feature," said Naresh Balasubramanian of The Washington Post.
Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Thanks to our podcast sponsor, Normalyze
LIVE!
Cyber Security Headlines - Week in Review
Make sure you
to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Dimitri van Zantvliet, CISO, Dutch Railways.
Thanks to this week's headlines sponsor, OpenVPN
Cyber chatter from around the web...
Jump in on these conversations
"When would a security engineer need to build an API?"
"For those of you in an infosec role at your company, what has been the one or two things that have made the most difference in the fight over the past several years?"
"SOC Engineer Certifications, I haven't found any, please help."
Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:
[07-21-23] Hacking 5G Security
[07-28-23] Hacking Bad Permissions
and register for them all now!
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.