researchHQ’s Key Takeaways:
- Effective cloud security demands that security teams embrace change at speed.
- To avoid misconfigurations and improve efficiency, organisations should invest in continuous employee training.
- Security by design, incorporating security requirements at the development stage, prevents the need for expensive core work later on.
- Continuous, cross-platform, and cloud-native security helps organisations keep up with a rapidly evolving technological and threat landscape while enabling business innovation.
- Under the shared responsibility model, cloud environments are neither inherently secure nor insecure – they are as secure as organisations make.
What is the secret to cloud security? Trend Micro experts have the answers
Organizations are investing in cloud infrastructure and applications at an unprecedented rate, to not only survive but thrive during the pandemic. But expanding digitally also broadens the corporate attack surface. So what’s the secret to cloud security? We asked a range of Trend Micro experts to help you build a winning strategy.
Mark Nunnikhoven, VP Cloud Research:
Security teams are constantly fighting fires, especially at the moment, and are therefore reluctant to embrace new technologies at the pace the business needs. In the same vein, security teams desperately need to reduce their workload, so re-using the same approaches is more efficient for them. However, this attitude ultimately prevents the business from leveraging cloud to its true potential. It also leads to worse security outcomes in the end, as older technology and techniques are out-of-sync with the dynamic demands of cloud environments.
Jon Clay, Director of Global Threat Communications:
One of the biggest challenges we have with technology is the speed of progress. While this drives business innovation and improves our daily lives, it can come at a cost—the extra time it takes security teams to understand the technology, and how it can be exploited. This is true of the cloud today. IT teams often lack training and knowledge on how to effectively deploy and secure it.
Misconfiguration is one of the biggest reasons malicious actors are able to exploit and compromise cloud infrastructure. To improve the situation, organizations need to invest in training their employees on cloud before deploying any new environments. And be sure to continuously train their employees, as the technology continues to evolve.
Bill Malik, VP of Infrastructure Strategies:
Security by design.
Cloud environments should follow the five basic information security design requirements: authentication, authorization, data integrity, data confidentiality, and non-repudiation. One of the hardest problems in any engineering discipline is adding core functionality after the product is built. In car manufacturing, for example, an OEM can bolt-on a seat belt in the after-market phase, but adding an air bag or ensuring the vehicle’s front-end offers a “crumple zone” is much harder, if not impossible.
In the software world too, building security and safety in from the start is much cheaper, easier and more effective than being forced to do so later, once a problem has been detected. Fixing a defect in the high-level design phase costs about ten cents, versus potentially as much as $100,000+ once a bug is reported in code already in production.