Last month I hosted a webinar that discusses some of the biggest challenges are when adapting in-house controls to the cloud, and where we’ve seen security teams and we’ll also highlight some new tools and capabilities that are changing the game. View On-Demand WebinarThis year, across the board, most respondents indicated that their top fears were related to unauthorized access to cloud resources, both from outsiders and other tenants in the cloud provider environments they operated within. Vulnerabilities within the cloud environment and poor configurations of cloud assets were also major concerns for many. Get the full results. In the past, we’ve lacked sound network security, logging, account management and control (including privileged user management), vulnerability management and monitoring, and more in the cloud…so where do we stand today? Fortunately, the news is getting better all the time. As cloud services start to reach critical mass, cloud providers are adding more and more services and security capabilities all the time. More importantly, well-known vendors that we’ve come to rely on for our data center security have adapted their products to more readily function within cloud environments. We’ve seen a huge shift in the security vendor landscape to accommodate and integrate cloud provider APIs, create virtual machine images that are available as appliances within the providers’ marketplaces, and provide easy-to-use controls that can be automated and scale with highly dynamic cloud deployments. Whew! It was dicey for a minute there, and we’re not out of the woods yet. Security and risk teams need to double down on evaluating solutions that are proven to mitigate major security risks in the cloud like privileged user account abuse or misuse, unpatched and poorly configured systems, and more. To be more successful at securing resources in the cloud, security teams need to come to the table with real solutions that can fulfill organizations’ internal policy needs, as well as regulatory and compliance requirements. Fortunately for us, there are more options than ever. Last month I hosted a webinar that discusses some of the biggest challenges are when adapting in-house controls to the cloud, and where we’ve seen security teams struggle to “bring their tools with them”. We’ll also highlight some new tools and capabilities that are changing the game, enabling security professionals to implement the same trusted tools and controls they’ve come to rely on in-house within their provider environments. View On-Demand Webinar
Dave Shackleford, Cybersecurity Expert and Founder of Voodoo Security
Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.