The Jedi Incident Response Plan for Cloud Security

Here is a surefire way to annoy your friends: anytime someone says they tried to do something, you do a funny Yoda voice and say, “Do or do not. There is no try.” This is primarily the domain of dad humor, and no one will laugh except for you. This isn’t just because you’ve just played your dork card, it’s also because there’s also a hint of truth in the Jedi philosophy. There are enough self-help books and translations from the Stoics to help us understand that accomplishment is largely a factor of just grinding it out and getting it done, no matter what the obstacle. The problem is that it works for some situations in life, but others call for nuance and measured response. Cloud security calls for the latter.

Yoda would be a great fitness coach, but it turns out he’d make a pretty good CISO, too. In the world of enterprise cloud security, the ideal is certainly complete security and control. But that’s not the result of willing it to happen. Great CISOs and CIOs and Chief Trust Officers all recognize that the process and effort is cyclical – you develop a plan, stick to it yet change when needed, and deal with issues as they arise. Yes, you’re playing both offense and defense, but you also have to be able to adapt as necessitated by reality. As much as you have planned for configuring ports correctly, you may discover that one is open. A Jedi doesn’t fall apart because he failed at locking down all ports; he fixes the problem.

Kate Fazzini of the Wall Street Journal recently wrote an insightful piece on the professional way that Whole Foods handled a recent security breach and it provides important lessons. As she put it, “…can a breach go ‘right,’ or at least, ‘as well as possible, given the circumstances?’ Some security experts are pointing to a recent incident at Whole Foods as a quick lesson in how losing customer data can be mitigated before a worst-case scenario occurs.”

What makes this case so instructive is that Whole Foods responded quickly and with intent. The result was that affected systems and IT resources were isolated and removed while an effective communication plan immediate went into action. This wasn’t a case of “there is no try.” Whole Foods got hacked. But they were also agile, responsive, and able to admit mistakes. I suspect Yoda would consider that to be an acceptable and Jedi-like way to handle things.

The situation involved some in-house Whole Foods restaurants having their point of sale (POS) systems hacked; these systems were not integrated with Whole Foods’ grocery store systems and data repositories, but it was an attack under their umbrella and they took quick action to deal with it. Whole Foods admitted and communicated the issue publicly, segmented the affected network, and quickly replaced the terminals that had been used; their efforts contributed to significant reduction of the potential impact of the breach. One security expert likened the situation to “…having an intruder break into your garage, but having the door within the garage leading to the house locked.” Fazzini points out that many enterprises leave some doors unlocked because of the lag time with integrating resources and migrating to a cloud environment.

We advocate for a smart, logical, but quickly implementable incident response plan. Whole Foods clearly had one and it prevented further damage but also helped them maintain their stellar brand image among stakeholders. We also know that smart organizations adhere to cloud security best practices to ensure their customers’ and employees’ data is protected.

A Jedi is no pushover, but a Jedi also knows how to solve problems. Ultimately, security in an environment where change never ends and you’re dealing with ever-increasing amounts of data and transactions requires that nimbleness and adaptability probably more than anything else.


Photo by Tobias Cornille on Unsplash

The post The Jedi Incident Response Plan for Cloud Security appeared first on Cloud Sentry Blog.

*** This is a Security Bloggers Network syndicated blog from Cloud Sentry Blog authored by Patrick Flanders. Read the original post at: