Here is a question to consider: How many cloud solutions does each organization need?
If your organization wishes to remain competitive – the answer is many.
It was a lot easier to manage and control the operational security risks when the answer was zero.
Until around 2014, there were still some infosec professionals at security conferences who were confident that their own organizations would never trust their data to the cloud. Those halcyon days are gone.
Banks, government departments, critical national infrastructure – there are almost no institutions that have not succumbed to the scalability, functionality, agility, and economic advantages that using cloud can offer.
Each and every organization is now besieged by the challenges of managing a diverse landscape of cloud instances, including the proliferation of identities and privileges. Operate too restrictively (prevent your employees from using cloud solutions) and you might not allow your business to be sufficiently innovative or competitive. Operate without sufficient controls in place (allow employees to use any cloud they want with no oversight) and the reputation and finances of your company could be reduced to dust.
One of the primary problems posed by using multiple cloud solutions is this: how do you keep the security risks as low as possible?
As an auditor, I have the opportunity to understand and review the problems that stand between the paper theory of how security should function, and the operational reality faced in real commercial environments.
As a security manager, I experienced the challenges of senior executives in a world of denial. The mantra: “If we haven’t been hit hard by these risks yet – then it probably is not as big of a problem as people think.”
…And as a program manager, I bore the weight and challenge of receiving unrealistic timelines in parallel with inheriting an almost total lack of engagement with business operations. If the frontline business units fail to adopt and embrace security processes, then in most cases, the security improvements will not accomplish what they are aiming to achieve.
The good news is that none of these are new problems. There are solutions.
The best way to solve these problems is to understand where others have tried and succeeded – and also where they have tried and failed.
In an upcoming session, Practical Solutions to Manage Multicloud Permission Risks, I will explore the most practical insights I can offer on how to transform multicloud permissions management from the inherently high-risk activity it can be – to something easier to control and monitor. These practical solutions are derived from my own real-world experience auditing dozens of commercial environments, managing security, and managing the delivery of security programs in several different companies.
So, if you want practical, actionable tips on how to solve the multicloud management conundrum, how to keep the security risks as low as possible, and how to get management to approve the necessary budget – join this session live (or watch it later, on-demand).
Raef Meeuwisse, Cybersecurity Expert and Author
Raef Meeuwisse is one of the most popular authors in the field of cyber-security and social engineering. Raef’s titles include the global best-seller, ‘Cybersecurity for Beginners’, the frequently evolving ‘Cybersecurity to English Dictionary’ and ‘How to Hack a Human’, an exploration of how easily we humans can be controlled and influenced. His experience includes running eight-digit security budgets, consulting on security at over 50 different organisations, designing a multi-million-pound security software platform, training as a hypnotist (yes, you read that correctly) and occasionally flying helicopters.
In addition to making public appearances at countless conferences across Europe, the UK and the US, he is also a frequent provider of commentary for multiple technology and mainstream news outlets and has appeared in Infosec magazine, ZDNet, TechTarget, TEISS and on Sky News.