DevCentral

What To Expect In 2017: Security In The Cloud



Security is a chess board. Among the primary fundamentals of chess, the King is the most valuable piece and the Queen is the most powerful piece (in terms of potential flexibility/impact). Stay with me... if we relate these rules to security we can assert the following supposition:

- Data at rest = King: If you lose your data or, worse, data is stolen and exposed, the game is over. You lost the security game.
- Data in motion = Queen: Data in motion gives us admins the most flexibility/impact for infrastructure planning and solution choices. Akin to the Queen, it offers flexibility and options, but if exposed or captured, the death knell may be near.

If security is our chess board, the adoption of cloud infrastructure and resources increases the size of the board (IaaS, SaaS, and private cloud for this metaphor). Seriously... stay with me... if your board size increases, do you:

A. Replace one-for-one the existing pawns with new ones? Not sure why you would do this because they have the same function... maybe you want new pieces on the board to make you feel like you're playing a new game.
B. Change your style of gameplay to hopefully create value-add off existing game pieces? You can increase their usefulness across the larger board by being creative... right?
C. Add additional pieces to complement the existing pieces? Imagine if you had three more pawns, an extra rook, bishop, and knight?

If you didn't guess already, the other pieces on the board represent your IT security solutions. You could get by for a while with answer B, but sooner or later your opponent is going to whittle you down. If you answered A, go into sales or marketing, because you're selling up technology as a solution to a problem you never understood. If you're someone who evaluated changes in the chess board and chose additional pieces to play, you know answer C is the correct one. Don't sabotage your existing security model because there are a few new pieces to play with.
The new game board allows for NEW attack vectors against your King; it doesn't necessarily remove the old ones. By the way, pieces != vendors; they represent solutions to prevent those spaces from exposure and exploitation. Our metaphor is mostly but you saw where I was going right?

Cloud Security Is The Same Security With A New Home

Security trends for 2017 seem to lead us towards new technology under the guise that we've been doing it wrong this whole time and new product X will solve all your security needs. Threat Stack's summary of Gartner's 2017 Cloud Security key findings confirms what we already know:

- Consensus doesn't exist on what constitutes best practices for cloud security; this is creating organizational issues for control processes.
- Vendor focus on specific areas of cloud technologies (IaaS) is drawing attention away from other control vectors (SaaS), which are no less critical.

Gartner's findings marry well to previous risk analysis; CSA's 2016 study of the top 12 threats remains mostly unchanged (including the top 5):

1. Data breaches (Losing your King)
2. Weak Identity, Credential, and Access Management
3. Insecure APIs
4. Account Hijacking
5. Malicious Insiders

Emerging acronyms in cloud security that aim to address Gartner's and CSA's analysis deserve closer inspection.

An Extra Knight For The Board: Cloud Access Security Brokers

CASBs are security policy enforcement points, placing inline security policies, encryption, identity management, and a host of other features against cloud service consumers and providers. Yes, it's existing technology wrapped up with a nice bow, but it is no less important on premises or in the cloud. If you're already playing in the cloud, chances are you already have some form of CASB, and if you're a datacenter traditionalist, you definitely have some of these services (TACACS, SSO/Federation services, RBAC). CASBs do encapsulate a lot of disparate solutions into a service offering which may allevi

DevCentral, by F5 DevCentral Team