11-07-19 - Yuck! I Don't Want the Risk. You Take It.

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

The Cloud and Shared Security

On this episode of Defense in Depth:

Co-host Allan Alford and our sponsored guest Paul Calatayud, CISO for Americas, Palo Alto Networks, discussed:

  • You have to have a business reason to go to the cloud. Usually it's done as a business imperative in order to stay competitive.

  • Security is rarely the primary reason businesses move to the cloud. It's often an adjunct reason.

  • Moving to the cloud may transfer risk, but it also introduces new risk.

  • Security professionals have long avoided the cloud because they feel they give up perceived control. If I can't see or touch it, how can I secure it?

  • One issue security people need to grapple with during digital transformation and a move to the cloud is what does it mean to manage risk when you don't own the program?

  • Much of the online discussion was about getting your service level agreements (SLAs) in place. But if you're a small- to medium-sized business (SMB), you're going to have a hard, if not impossible, time negotiating them.

  • Don't lean on SLAs to be your entire risk profile. It's like using insurance as your only means of security.

  • Cloud security requires setting up automation guard rails.

  • For cloud evolution you'll need a change in talent and it probably won't be your traditional network engineers.

  • Because of performance, privacy, and data protection issues you're probably going to find your business moving apps in and out of the cloud.

  • The Cloud Controls Matrix (CCM), from the Cloud Security Alliance (CSA), is a controls framework designed to help you assess the risk of a cloud service provider.
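
As an added example of what the "automation guard rails" point above looks like in practice (this is not code from the page, the podcast, or Palo Alto Networks): a preventive policy check that runs over rendered infrastructure definitions before deployment and blocks the change when any resource violates a rule. The resource schema (a kind, a name and a flat set of properties), the three rules, and the sample resources are all assumptions made for illustration; real checks would run against the shape your IaC tool or cloud API actually emits.

```python
"""Automation guardrails: preventive policy checks on cloud resource definitions.

Added example; not code from the CISO Series page or from Palo Alto Networks.
The resource schema below is an assumption made for illustration.
"""
from ipaddress import ip_network

# Constructed sample input: four resources as an IaC tool might describe them
# after rendering a template. Not taken from any real account.
SAMPLE_RESOURCES = [
    {"kind": "storage_bucket", "name": "customer-exports",
     "public_access": True, "encryption_at_rest": False},
    {"kind": "storage_bucket", "name": "build-artifacts",
     "public_access": False, "encryption_at_rest": True},
    {"kind": "security_group", "name": "bastion-sg",
     "ingress": [{"port": 22, "cidr": "0.0.0.0/0"},
                 {"port": 443, "cidr": "10.0.0.0/8"}]},
    {"kind": "security_group", "name": "internal-sg",
     "ingress": [{"port": 5432, "cidr": "10.1.0.0/16"}]},
]

# Ports that should never be reachable from the whole internet (SSH, RDP).
ADMIN_PORTS = {22, 3389}


def check_no_public_buckets(res):
    """Guardrail: storage buckets must not be publicly accessible."""
    if res["kind"] == "storage_bucket" and res.get("public_access"):
        return "storage bucket is publicly accessible"
    return None


def check_encryption_at_rest(res):
    """Guardrail: storage buckets must have encryption at rest enabled."""
    if res["kind"] == "storage_bucket" and not res.get("encryption_at_rest"):
        return "storage bucket lacks encryption at rest"
    return None


def check_no_world_open_admin_ports(res):
    """Guardrail: no admin port may be open to a /0 network (v4 or v6)."""
    if res["kind"] != "security_group":
        return None
    for rule in res.get("ingress", []):
        net = ip_network(rule["cidr"], strict=False)
        # prefixlen 0 means "the whole internet" in either address family.
        if rule["port"] in ADMIN_PORTS and net.prefixlen == 0:
            return f"admin port {rule['port']} open to {rule['cidr']}"
    return None


GUARDRAILS = [check_no_public_buckets,
              check_encryption_at_rest,
              check_no_world_open_admin_ports]


def evaluate(resources, guardrails=GUARDRAILS):
    """Return a list of (resource name, finding) for every guardrail violation."""
    findings = []
    for res in resources:
        for rule in guardrails:
            msg = rule(res)
            if msg:
                findings.append((res["name"], msg))
    return findings


def gate(resources, guardrails=GUARDRAILS):
    """Pipeline gate: True only if no resource violates any guardrail."""
    return not evaluate(resources, guardrails)


if __name__ == "__main__":
    for name, msg in evaluate(SAMPLE_RESOURCES):
        print(f"DENY {name}: {msg}")
    print("deployment allowed" if gate(SAMPLE_RESOURCES) else "deployment blocked")
```

The point of a guardrail, as opposed to a detective control, is that gate() runs before anything is provisioned: the pipeline refuses the change, and the engineer fixes the definition rather than the security team chasing a misconfiguration after the fact. Adding a rule is adding one function to GUARDRAILS, which is what makes this the kind of work the talent bullet above refers to: policy as code rather than network appliance tuning.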

Special thanks to this week's Defense in Depth podcast sponsor, Palo Alto Networks.

Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices.

TOMORROW! CISO Series Video Chat (Friday, 11/8/19 at 10 AM Pacific)

Hacking the CIS Top 20:

An hour of critical thinking on the most well known beginner’s guide to setting up a security program

Whether you're launching a brand new security program or trying to determine the maturity of your current one, seemingly all security professionals lean on the CIS Top 20 to guide the development of their security program. Join us tomorrow for this super fun weekly event, where everyone can participate, either in text chat or on video. Go ahead and register. It all starts at 10 AM Pacific tomorrow. The hashtag for the event is #HackingVideoChat.

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.