On June 24th, Ntirety CISO Chris Riley was proud to present The Great Migration: Retreat from the Cloud Sacrificing Security? at the 23rd International CloudEXPO conference in Silicon Valley. With over 20 years of enterprise IT experience, Riley brought unparalleled perspectives to the CloudEXPO stage on the current state of IT security, including shared concerns, hidden risks, and the tested tactics to protect data.
Security Threats Remain Even in New Cloud Solutions
Migrating to the cloud provides numerous benefits to enterprise organizations, but do-it-yourself or one-size-fits-all approaches to cloud selection and management has created a number of concerns for internal IT teams across industries. This phenomenon has led to a shift away from the one-size-fits-all approach to more hybrid cloud options, as noted in Ntirety CEO Emil Sayegh’s keynote presentation. However, while hybrid solutions do eliminate issues relating to cost and performance, it can still leave gaps in security and compliance.
Despite the advances hybrid and multi-cloud options bring, threats can spring from a variety of both external and internal sources. Calling these threats the “Treacherous 12,” Riley shared the most critical issues that plague cloud security from a survey by Cloud Security Alliance:
- Data Breaches
- Weak Identity, Credential and Access Management
- Insecure Application Programming Interfaces (APIs)
- System and Application Vulnerabilities
- Account Hijacking
- Malicious Insiders
- Advanced Persistent Threats (APTs)
- Data Loss
- Insufficient Due Diligence
- Abuse and Nefarious Use of Cloud Services
- Denial of Service
- Shared Technology Issues
From massive data breaches, to the headaches of employees sharing passwords, these challenges exist—knowingly or unknowingly—for all organizations in the cloud.
Combatting Risks with Better Internal Tactics
Although the above list may seem daunting, Riley illustrated to CloudEXPO attendees that there is hope. Visibility, segmentation, automation—all these modern cloud security pillars are achievable through more detailed and dedicated processes, like enforcing access control, re-architecting systems, and monitoring behavioral activity.
All the elements for better security and data protection are obtainable, Riley explained, if cross-functional internal teams can work together and prove that investing in greater measures is not only worthwhile but vital for every cloud solution.
“The fact of the matter is we have to demonstrate the value, we have to enable the business, and we have do it in near real-time fashion,” said the Ntirety CISO to his audience. “Because the business isn’t going to wait for us.”
Bringing diverse members of a company’s team together for increased communication is a key component to implementing any new security strategy or process, specifically the imperative collaboration necessary between the departments of Development, Security, and Operations. Coining this as the “trifecta of success”, Riley emphasized how encouraging frequent and in-depth conversations between DevSecOps will “inherently have a strong mentality to code things right, to secure things appropriately, and to allow the business to be successful.”
Better Security from the Inside Out
The concerns are real and more relevant than ever, but so are the tactics to tackle them, Riley ensured his audience in Silicon Valley. He elucidated on the current state of IT security—the good, the bad, the ugly—and ways enterprise companies can stay ahead of the threats. For CloudEXPO attendees, understanding the practical ways Riley outlined to protect systems and data in today’s increasingly insecure world were just the kind of insights enterprise IT professionals look for: identifiable risks, actionable plans, and sustainable methods.
Ready to get your own IT security insights from trusted cloud experts? Schedule your consultation for better data protection today!
