Letting Go While Holding On: Managing Cyber Risk in Cloud Environments

by Maurice Uenuma on May 20, 2019

As recently as 2017, security and compliance professionals at many of Tripwire’s large enterprise and government customers were talking about migration to the cloud as a possibility to be considered and cautiously explored in the coming years.

Within a year, the tone had changed. What used to be “we’re thinking about it” became “the CIO wants to see migration starting this year!” By 2018, many customers were fully immersed in an aggressive campaign to revamp their IT environments.

The business benefits of shifting to cloud-sourced infrastructure, platforms and software are well known. Often less understood, at least by many senior leaders making large-scale investment decisions, are the security and compliance nuances of such a shift. To effectively manage risks in new, usually-hybrid, environments, organizations will face both challenges and opportunities.

Cloud-hosted IT doesn’t necessarily mean less secure. There are many security enhancements offered by hosting services which may not otherwise be effectively implemented in a business whose core competencies don’t include IT.

Infrastructure-as-a-Service, for example, often comes with built-in patch management, secure configurations (or at least securely configurable settings), system redundancies, data backups and incident response—so security is not always compromised; it can actually be improved in some ways. But cloud-hosted IT does mean security is different.

Much of the difference comes from the expanded scope of coverage needed. There are generally three areas that need to be considered:

Security of cloud-hosted assets. Simply stated, this is an extension of what has always been needed on-prem: security controls on virtual servers, databases, workstations, etc., which process data and do the work. While the host may be different (physical to virtual, on-prem to hosted), the security metrics, measures and tools remain similar. (Read a white paper on this topic)
Security of cloud accounts. This is the customer-centric cloud (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Maurice Uenuma. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/managing-cyber-risks-cloud-sourced-environment/

May 20, 2019May 21, 2019 Maurice Uenuma CIS, cis controls, Cloud, IT Security and Data Protection

Maurice Uenuma

:**Maurice Uenuma is VP & GM, Americas and security strategist at Blancco, collaborating with an excellent team to deliver the world's leading data erasure, IT asset disposition, and mobile lifecycle solutions to address privacy, security, and sustainability needs. Prior to Blancco, Maurice was Vice President, Federal & Enterprise with Tripwire, supporting state governments and large enterprises in the United States. Prior to joining Tripwire, he was Vice President at the Center for Internet Security (CIS), and served as Workforce Management co-chair of the National Initiative for Cybersecurity Education (NICE) Working Group at NIST. Earlier, Maurice held leadership roles at Perot Systems and Dell, and served for nine years as an infantry and special operations officer in the United States Marine Corps. Maurice holds a Master’s degree in National Security Studies from Georgetown University, graduated from the U.S. Naval Academy, and is a GIAC-certified Global Industrial Cyber Security Professional (GICSP).

maurice-uenuma has 12 posts and counting.See all posts by maurice-uenuma