NEW VIDEO: Security Weekly - How to protect AWS metadata services (used in Capital One breach). Watch now!
 
 

Managing the Modern Data Center, On-Prem or in the Cloud

Companies are moving more and more of their operations to the cloud. Though the trickle has been constant for the last decade, at least, we’ve reached a tipping point where major organizations and government departments are publicly announcing wholesale shifts of their infrastructure and applications to the cloud. Businesses know the benefits of moving to the cloud, and even the most hardened cybersecurity practitioner will admit that “there are so many great things a CSP (cloud service provider) may do better than what a traditional IT shop can do,” said Jake Kouns, CISO and COO of security analytics firm, Risk Based Security. However, just because the environment changes, the need for careful planning and security oversight remains.

During Black Hat USA, Kouns explained that organizations don’t necessarily need to reinvent the wheel when it comes to securing services and applications in someone else’s infrastructure. It is necessary, however, to extend lessons learned over the years. “We need the same level of maturity in the cloud [as in an on-premises data center],” he said, pointing to the fact that a data breach or compromise results in the same thing to the affected organization regardless of environment, but added that he has a “love-hate-love” view of the cloud because the systemic risk is higher. “When there’s one vulnerability that can impact dozens or hundreds of clients,” Kouns warned, it would be negligent to ignore “what your neighbors are up to” or assume that all tools and processes can automatically extend to the cloud.

In this short video shot in the Black Hat Business Hall, Kouns shares his thoughts on:

  • How to approach securing cloud environments
  • When and where zero trust networking factors into a cloud migration
  • Why you should “make software and vendors earn their way onto your network”


Stay on the cutting edge. Subscribe to our blog.


Katherine Teitler, Director of Content

Written by Katherine Teitler, Director of Content

Katherine Teitler leads content strategy and development for Edgewise Networks. In her role as Director of Content she is a storyteller; a translator; and liaison between sales, marketing, and the customer. Prior to Edgewise, Katherine was the Director of Content for MISTI, a global training and events company, where she was in charge of digital content strategy and programming for the company's cybersecurity events, and the Director of Content at IANS, where she built, managed, and contributed to the company's research portal.