Thought leaders tips to obtain a secure cloud environment
Securing the cloud ecosystem is a multifaceted endeavor requiring both strategy and cooperation. Learn best practices and practical advice from leading speakers in this space.
Securing the cloud should be top of mind for IT professionals. Use of the cloud has exploded in recent years, making it a vulnerable target for threat actors. The latest BrightTALK summit "Securing the Cloud Ecosystem" showcased a set of diverse thought leaders sharing tips on how to securely manage migration to the cloud as well as how to protect sensitive data stored within it from increasingly insidious cyberattacks. Read some of the highlights from this informative event.
The summit opened with former penetration testing lead and frequent speaker Chiletam Ogbu. In her aptly named talk "Don't Let Your Cloud Dreams Turn Into Data Nightmares: Tips for Migration," Ogbu spoke of cloud migration best practices, encouraging companies to ask themselves why they want to migrate, what they want to migrate (services, data, apps) and how they plan to manage the operations (through SaaS, different providers, Azure, or from a central console). These questions can guide the migrating process and inform the type of cloud migration necessary -- full, hybrid-cloud, cloud-to-cloud or multi-cloud. She explained how several factors help determine a successful cloud migration, such as the quality of a cloud provider, ability to reduce error and curb misconfiguration, and cloud infrastructure maintenance. Ogbu also suggested executing each operation as code with clear transparency, followed by testing and validating this code. She concluded her talk by likening cloud migration to upgrading a fortress. "When the fortress -- in this case the apps and data -- are on shaky ground, they must migrate these valuable assets to a different landscape."
Founder and CEO of Way2Protect and a former victim of identity theft, Sandra Estok focused on the human factor in cloud migration: "Like moving to a new house, moving to the cloud can mean the loss of valuable belongings if you're not careful." Human workers are one critical factor often overlooked by companies embarking on this transformation. Estok cited several surveys blaming human error for 74% of cyberattacks, according to Verizon's "2023 Data Breach Investigations Report;" 80% according to Harvard Business Review; and as high as 95%, according to IBM and the World Economic Forum. Human errors can take many forms, such as misconfigurations -- for example, leaving default settings -- overly broad use of user permissions, phishing attacks or process failures, like incomplete data mapping or poor cleanup after a user leaves the company.
Estok presented a self-styled approach "cyber self-defense" where companies practice being intentional and bring full awareness to the present moment they are using technology rather than mindlessly clicking through the steps. Cybercrime continues to rise even with more effective and sophisticated protections in place, she warned. Cybercriminals are constantly adapting and finding new ways to trick users and gain access into cloud environments. Companies must prepare their workers to be part of their security strategy. "A secure company is an adaptable company."
Secure data in the cloud
Adopting multi-cloud, with its increased agility and resilience, can better meet the demands of the modern workforce but can present challenges for data security. Elango Balusamy, co-founder and CTO of technology consultancy SquareShift.co, discussed how companies can secure their data while adopting a multi-cloud environment. Governments all over the world are enacting laws covering data protection and privacy even in developing countries like Vietnam and India with drivers including data privacy concerns, nationalism and the economic value of data. Challenges include backup policies and strategy, compliance, visibility, misconfigurations and encryption. Best practices to address these range from GDPR-compliant local laws, inventory asset lists and baseline protection rules. Data privacy introduces another set of challenges, such as identity and access management, data location and transparency, and vendor management. Solutions to combat these are single sign-on, regular reviews and audits, centralization operation control and automation.
Yesenia Yser, founder of Yes2Tech consultancy, took a multi-faceted approach to cloud security in her talk that dove into open source, generative AI (GenAI) and the supply chain. Cloud serves as a main interconnecting point between all points of the business, including GenAI. "AI is the new butter to the bread." GenAI has proven beneficial to research and the supply chain, which took a hit during the pandemic -- think back to the toilet paper shortage of March 2020. AI applications can help manage the many moving parts of the supply chain, though the largest drawback of both the use of the cloud and AI is the expansion of the threat factor. Yser recommended companies explore open source communities for more guidance on utilizing AI, such as Open Web Application Security Project (commonly referred to as OWASP), Open Source Initiative, Apache Software Foundation and Gnome Foundation, among countless others.
Viewers can continue tuning into the BrightTALK platform for more compelling summits covering data management, application security, threat detection and many other subject matter areas to improve your IT environment.
Alicia Landsberg is a senior managing editor on the BrightTALK summits team. She previously worked on TechTarget's networking and security group and served as senior editor for product buyer's guides.