Caute_cautim
Community Champion

Remove the human beings from Cloud security engagement?

Hi All

It appears that the biggest threat to Cloud engagements is the human being. Although we can carry out Cloud Assessments using the Cloud Providers' tools or independently, is this the answer? Especially as the client organisations are hoping for the cheapest engagement and quickest to get the job done?

 

https://ir.isg-one.com/news-market-information/press-releases/news-details/2022/Cloud-Platforms-Requ...

 

Regards

 

Caute_Cautim

3 Replies
dcontesti
Community Champion

So MHO, the risk associated with Humans has not changed regardless of the platform, be it Internal or the Cloud. When I first started in Security (in the 1980s), the FBI stated that most breaches were associated with Human error... I believe the number quoted was 85% and I do not believe that number has changed significantly.

 

d

 

Bob_Hood
Viewer

I'm sorry, but your argument has both good and bad information. Yes, Humans are a likely flaw in the system. Just look at the new norm of breaches; most are Social engineering in some aspect. But to say that we should take the humans away from doing the analysis would also put me out of a job (Sr. Cloud Security Architect).

Humans can see a lot of what machines can't. Machines can't think as a hacker would; they can't bridge multiple vulnerabilities together to penetrate a security countermeasure. We still need Humans interacting and analyzing IT infrastructure to Vet and Verify security is effective...

 

Bob

Caute_cautim
Community Champion

@Bob_Hood I think the article refers to the fact that the clients, i.e. the customers, are the ones who make most of the configuration mistakes and get themselves into hot water. It also relates to many customers not fully understanding the Shared Responsibility Model (SRM) which the Cloud Providers impose on their clients too.

But in general the customer or clients are the ones who generally make the most mistakes or configuration issues. I too believe human beings are required, but I do believe human beings with sufficient knowledge add value, i.e. auditors, and cyber security professionals, or checklists such as those provided by CIS for instance.

 

The article is a little too generic and not specific, as though it is attempting to put a blanket statement on human clients or customers.

 

Regards

 

Caute_Cautim