AppDefects
Community Champion

Failing on Cloud Security

The tipping point for cloud security has arrived and very few organizations are ready, reports Symantec.

 

Key takeaways from the report include:

 

  • 83% claimed they don’t have the right processes in place to effectively manage security incidents
  • 93% said they are having trouble keeping track of workloads
  • 73% said they’ve experienced an incident because their cloud security isn’t mature enough
  • 65% of organizations failed to implement MFA in IaaS environments
  • 80% don’t use encryption

I really wonder whether the CSP shared responsibility model is the problem? Certainly, it's not the solution, since the survey says security professionals are not architecting security into their cloud deployments.

 



4 Replies
JaimeBurgos
Viewer

So what do you think could be the solution? The one problem that I can highlight is low-quality cloud architects and not enough resources to manage IaaS cloud infrastructure. Management of cloud security could be a very tricky task, and to counter it you need a dedicated team for cloud architects, which could cost you a lot. So, most organizations don't pay much attention in this department and thus face the consequences.

Wayne_Evans
Newcomer III

I think the model is fine currently; my thoughts are that a lot of this comes down directly to training, or lack of sufficient or appropriate training, for all people/stakeholders: Cloud Architects, Application Developers and the management of IT teams. If managers had appropriate awareness and training, they could adopt and implement appropriate processes to handle cloud.

I also see Shadow IT as the biggest cause of the above issues. In such a fast, agile, cloud-native, SaaS world, managers and departments are frequently bypassing the safeguards and slow and monolithic change controls of IT, which again comes down to a lack of appropriate processes and control.

As is drilled into us, security is driven from the top down.

rslade
Influencer II

Please.

 

Remember: "cloud" is not new. "Cloud" is not magic. "Cloud" isn't really even a thing. It just means "somebody else's computer." You need to know how much (and what type) of protection they do, what protection you need, and how to patch any gaps.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
CraginS
Defender I


@rslade wrote:

Please.

 

Remember: "cloud" is not new. "Cloud" is not magic. "Cloud" isn't really even a thing. It just means "somebody else's computer." You need to know how much (and what type) of protection they do, what protection you need, and how to patch any gaps.


Essentially, CLOUD is simply "off-premises, and usually someone else's, computer." 

Not really much different from the old IBM 360 Time Sharing days.

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com