“Lots of security teams thought they could use general cyber security specialists and have them secure their clouds, only to now discover it is wildly different – requiring specific skills, tools, and knowledge. That is what is making cloud such a focus in 2023, even though it has been around a long time.” James Lyne // Secure Impact
When asked to name their top concerns for 2023, it is unsurprising to find cloud security on most security teams’ list. We’ve seen a number of high-profile cloud breaches, and one impact of the pandemic, and the resulting move to a hybrid workforce, is that businesses have become more reliant on using cloud services for their core business functions. Many teams believe that they are now more vulnerable to cyber-attacks as a result, and one question we see a lot is ‘how can I identify vulnerabilities in a cloud environment and protect my business?’
Every analyst and security leader we talk to has listed cloud security as one of their big spends this year - so how should you be using your budget? What are some of the tried and tested methods you can take to test your cloud environment and services, and identify and remediate vulnerabilities quickly?
Of course, every business has a unique risk profile and there is no ‘silver-bullet’ that will work for every organisation, but our experienced panel discussed a number of steps you can take to test your cloud set up and improve your organisation’s cyber maturity.
We were joined by Simon Vernon, who is Head of Research and Development for SANS Institute and teaches the SANS SEC488: Cloud Security Essentials course and associated GIAC certification.
What we discussed:
- What has changed? Why now?
- How are cloud services being exploited?
- How and when can you identify security vulnerabilities in your cloud environments, and how can they be remediated?
- How to manage risk for the cloud services you use?
- Next steps - what can you do today?