Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, comments on a new report by Cloud Security Alliance that found that less than 50 percent of organizations regularly assess their cloud risk status.
By Hugh Taylor
December 17, 2021
“There can be a tendency in technology that anything that is radically different from the status quo is treated differently than existing operations and “cloud” versus “on prem” definitely fits that bill. In some cases that can result in failure to map existing security review and monitoring processes that exist with legacy on premise assets to their new cloud counterparts. The two biggest contributing factors are ignorance of the functionalities of the cloud platforms and responsibility assignment. We are a few years past the tsunami rush of organizations migrating to the cloud where footguns like storage buckets defaulting to public access routinely exposed vast amounts of private data, but that issue along with unsecured databases still reliably occur. To their credit, most cloud providers have adopted more secure defaults, but the onus is still on the organizations hosting on them to ensure they fully understand the security capabilities and best practices to protect themselves and their customers. IT also doesn’t help that every cloud vendor seems to use their own unique terminology for resources that don’t cleanly or easily map to other vendors. This can lead to confusion as well as disparity in the overall security if an organization is using multiple providers. Responsibility assignment is the other major area where organizations fall down in ensuring cloud platforms are secure. If the cloud migration is handled by a new team, or initially treated as just a test, organizations can often miss assigning responsibility for security and monitoring the new environment. This can lead to significant security issues once the cloud environment goes live or fully scales out.”Click Here To Read The Full Story…
Journal of Cyber Policy – Chris Clements Discusses the CSA Report On Cloud Risk Assessment. Leader in security managed services. Offices & resources across the USA. Full team of security & compliance experts. Certified forensics experts & gov’t sec clearances. Publicly traded (Ticker: CISO)
Journal of Cyber Policy – Chris Clements Discusses the CSA Report On Cloud Risk Assessment. Cerberus Sentinel specializes in cybersecurity solutions that build a culture of security within an organization, enabling them to improve security, lower risk profile, optimize IT infrastructure, and meet regulatory compliance demands with extensive and comprehensive compliance review. Our Philosophy – Cybersecurity is a culture, not a product®. We believe culture is the foundation of every successful cybersecurity and compliance program. To deliver this outcome, we developed MCCP+ our holistic approach that ensures you’re secure in every area of your business. We are a publicly traded cybersecurity company listed with ticker CISO. A nationwide provider of consulting and managed services, with offices and resources across the USA, we specialize in building a culture of awareness for our clients. Founded with the belief that an acquisition approach is the best way to address the industry-wide skills gap. We are focused on cybersecurity, compliance, and the culture that drives success, acquiring world-class engineering talent who utilize the latest technology to create innovative solutions to protect even the most demanding businesses and governments against continuing and emerging threats.