Secureworks Cloud Security Journey: Threat to Opportunities
This presentation was by Yaqub Ismail from Secureworks
This presentation followed the Splunk presentation and was also a very good talk that went over several topics such as cloud adoption and lack of cloud security, threat landscape, and proper development lifecycle. There were fewer slides in this however there were was a lot of talking that was not on the slides including discussing the recent major twitter attack (https://threatpost.com/the-great-twitter-hack-what-we-know-what-we-dont/157538/) so I highly recommend watching the recording of it to get everything out of this talk (this talk start around 50 minutes in).
Challenges faced by security leaders
How can I allocate resources and funds and identify where to prioritize investment and time efficiently while meeting security, regulatory, and business objectives?
How can I gain confidence in my approach and its ability to align risk and business goals?
How can I enable the business to securely innovate, migrate to the cloud, and drive digital transformation
According to Gartner, through 2025, 99% of cloud security failures will be the customer's fault and 90% of the organization that fail to control public cloud use will inappropriately share sensitive data
Current threat landscape
Vulnerabilities
Misconfigurations
Hardening standards
Lack of policy/standards
Breakdown in shared responsibility model
Lack of shared database
Infrastructure as code templates
Excess privileges
Attack automation
Threats
Impact to reputation
Loss of intellectual property (IP)
Regulatory implications
Brand impact
Legal and contractual liabilities
Financial impact from incident and breaches
Opportunities
Information security needs executive level attention
A skilled cyber workforce is essential to keep pace with evolving threats
More oversight and partnership with cloud service providers (CSPs)
The financial impact of breaches is not fully examined
Improving employee awareness & vigilance is increasingly important
Cybersecurity Journey
Meet
Security and compliance requirement
Streamline compliance, build business context & reporting
Address
Known & unknown risks
Expand risk focus, improve analysis & metrics
Enable
New business opportunities
Connect risk and the business with cross functional processes
Cybersecurity Lifecycle
Know & Assess
Cyber-risk assessment
Controls & technical assessment
Build & Operate
Cybersecurity countermeasures
Means of risk reduction
Integrate new business
Test & Maintain
Maintenance, monitoring, and management of change
Incident response & recovery
Assessing and Understanding Risk
Risk = Threat x Impact x Probability
Last updated