According to IBM, 98 percent of companies will be using multiple hybrid cloud environments by 2021. This trend isn’t surprising. There are many benefits to operating in the cloud, such as improved productivity, increased elasticity and huge cost savings, to name a few. However, we keep seeing a range of issues when it comes to cloud security. From open S3 buckets to a lack of identity and access management, why are large organizations struggling to implement an efficient cloud security strategy?

To try and answer that, we asked a range of cloud security experts to share their thoughts on some of the key cloud security challenges and provide advice on how organizations can implement a cloud security strategy that will keep them secure.

Here are their answers.


Tanya Janca | Chief Executive Officer and Co-Founder, Security Sidekick | @shehackspurple


Stephen Wood | Product Manager, Tripwire

So, you’re joining the stampede to the cloud but are struggling not to be trampled. This phase is about survival, not elegance. Use your limited resources strategically. I would recommend three broad courses of action:

1) Triage – What are the key assets moving into the cloud that the company can’t afford to lose? Give them the resources first. Let the low-value asset owners know that they are at risk.

2) Focus on ROI – The first five of CIS’s top 20 controls block 85% of all attacks. The other 15 controls give you only 12% more coverage. Spend your time on controls that give you return.

3) Recruit the Masses – According to IBM, two-thirds of records lost were the result of human error, not state-sponsored hacking. You won’t stop issues like misconfigurations via education, but you will slow the leak.

It would also be useful to create a five-minute video that …