In this security interview, Natalia Belaya, CISO at Cloudera, discusses common misconceptions about cloud security, the balance between protection and business agility, and the overlooked risks that CISOs must prioritize.
Belaya also offers practical strategies for integrating cloud-native security solutions and mitigating misconfigurations at scale.
What are the main security principles that organizations should follow when migrating to the cloud, especially for hybrid and multi-cloud environments?
One of the biggest misconceptions about cloud migration is the assumption that security comes by default. Many organizations move to hyperscalers such as AWS, Google Cloud or Azure, believing that they inherit full or near-full security protection simply by adopting these platforms. In fact, cloud migration security should follow a clearly understood shared responsibility model. Organizations should know exactly where the provider's security ends and where their own responsibility begins.
Organizations must understand how to protect their data and applications beyond the security provided by the cloud infrastructure. This can be done by implementing measures such as Zero Trust, strong identity and access management, threat monitoring and detection, network segmentation, and integrating cloud-native tools to enhance protection.
Managing workloads across hybrid and multi-cloud environments can increase complexity, which makes it important to implement a security approach that safeguards sensitive data and meets compliance requirements.
How do you balance security with business agility in cloud adoption, especially when CISOs face pressure to accelerate digital transformation?
Security should be seen as a service that enables business growth, rather than as an obstacle. CISOs must align security with business objectives, ensuring that information technology supports innovation instead of creating roadblocks. This requires understanding business priorities, knowing where to focus efforts, and integrating security seamlessly into operations.
For example, if the company needs to deploy a product in a cloud provider's environment, the security team must have a strategy to integrate it securely into the cloud, and support the implementation of additional controls. Security should facilitate this process efficiently by providing security requirements and standards early, showing what is required to achieve additional levels of certification on top of the cloud.
DevOps security allows companies to innovate quickly while maintaining protection. By automating security checks throughout the software development lifecycle and ensuring real-time monitoring, teams can build securely from the start instead of fixing vulnerabilities later.
What are the most overlooked cloud security risks that CISOs should prioritize, but often don't?
One of the most underestimated risks in cloud security is attack surface management. Many organizations lack visibility into their cloud assets; some do not even know how many cloud environments they have. It is impossible to protect what you do not know about, so good asset management is key.
Shadow IT is another major issue. Various teams, such as marketing or product development, may spin up cloud resources without informing the security teams. A forgotten, misconfigured cloud environment can expose sensitive data or become an entry point for attackers.
In addition, security maturity varies within organizations. While production environments may be well secured, development and testing environments often lack appropriate controls. This can lead to threats such as cloud cryptojacking, in which attackers stay hidden to mine cryptocurrency, draining cloud resources rather than stealing data.
To mitigate these risks, organizations must ensure continuous visibility, unified security policies, and appropriate governance across all cloud environments, while educating teams on secure cloud use.
What are the common misconfigurations in organizations' cloud environments, and how can they be prevented at scale?
It is hard to believe that many common security misconfigurations are still rooted in the basics.
One of the most common cloud security mistakes is failing to provision access properly; common examples include publicly open storage and weak APIs and authentication. Unpatched and outdated software is still very common, making systems vulnerable to exploitation by threat actors. Companies are often guilty of assuming that default settings are secure, which essentially leaves security to chance. Proper secure configuration and posture management can help reduce these risks.
Organizations need to ensure that their security baselines are well documented, automated, and regularly reviewed. By adopting this approach, companies can reduce their attack surface and maintain a strong security posture across all their environments.
How do you recommend integrating cloud-native security solutions into a broader security stack?
I recommend having strategic and unified security requirements. Start by identifying security gaps and weaknesses in the cloud infrastructure. This will help determine which cloud-native security solutions are required and how to align them with your existing system. By addressing these gaps, you can implement a security framework that ensures clear visibility and seamless, consistent compliance across both cloud and on-premises environments.
Moreover, leveraging security solutions that are cloud- and organization-agnostic puts you in a better position to adapt to changing threats, and ensures organizational flexibility when managing hybrid and multi-cloud environments.