Chris Clements, VP of Solutions Architecture at Cerberus Sentinel (now CISO Global), comments on a new report by the Cloud Security Alliance, which found that less than 50 percent of organizations regularly assess their cloud risk status.
By Hugh Taylor
December 17, 2021
“There can be a tendency in technology that anything that is radically different from the status quo is treated differently than existing operations and “cloud” versus “on prem” definitely fits that bill. In some cases that can result in failure to map existing security review and monitoring processes that exist with legacy on premise assets to their new cloud counterparts. The two biggest contributing factors are ignorance of the functionalities of the cloud platforms and responsibility assignment. We are a few years past the tsunami rush of organizations migrating to the cloud where footguns like storage buckets defaulting to public access routinely exposed vast amounts of private data, but that issue, along with unsecured databases, still reliably occurs. To their credit, most cloud providers have adopted more secure defaults, but the onus is still on the organizations hosting on them to ensure they fully understand the security capabilities and best practices to protect themselves and their customers. It also doesn’t help that every cloud vendor seems to use their own unique terminology for resources that don’t cleanly or easily map to other vendors. This can lead to confusion as well as disparity in the overall security if an organization is using multiple providers. Responsibility assignment is the other major area where organizations fall down in ensuring cloud platforms are secure. If the cloud migration is handled by a new team, or initially treated as just a test, organizations can often miss assigning responsibility for security and monitoring the new environment. This can lead to significant security issues once the cloud environment goes live or fully scales out.”