What I Have Learned: Cloud Security Insights From CCSP Pros

The age of cloud security gives rise to the somewhat mixed metaphor of a cat and mouse game played out on shifting sands. Cloud security professionals face a multidimensional conundrum as they try to keep pace with changing technologies, upgrades, internal political pressures, and of course external infiltration attempts. Danger can come from the outside or within. It can be mechanical, software driven, or the fault of human beings. And answering the call at the end of this long list of stresses and priorities is a hugely busy, often overworked security team.

So what do they have to say about it? We asked the CEO of (ISC)², a global leader in information, cyber, software and infrastructure security certifications, including the Certified Cloud Security Professional (CCSP℠), and two CCSP-certified security experts to share some of their knowledge and observations. What have they seen? What worries them, and what advice would they offer? Here are a few of their revelations.

Connecting Devices To The Cloud

“Everyone is migrating to the cloud,” says Adam Gordon, CCSP, and author and instructor for (ISC)². Through organizations, large and small, public sector and private, as well as millions of individual consumers, every device is connecting and interrelating with every other in ways that no one can accurately map. “The problem is, we don’t always understand what cloud means as we start to consume. As a result, there tends to be a gap where consumption is a lead indicator and security is an afterthought.” Gordon points out that the causes of major breaches can often be tracked to lax behavior on the part of individuals. “Do they understand the implications of allowing an application on their phone, to use the phone’s location services to provide location information to a cloud service? How is that being used? How is it being archived? How is it being tracked?” he asks.

People place a great degree of trust in their systems and their providers and, for Adam, this is not enough. “I think the mistake we make today, or that we have made historically, is we put faith into the provider and say, ‘they’re going to take care of it…’ and we don’t verify.” Adam prefers to embrace the phrase used by President Reagan during the 1987 arms control negotiations, and taken from a traditional Russian proverb: trust but verify. “If you take the trust but verify approach, we come up with a solution that actually leads to cloud security. If we just trust, but don’t verify, I think we’re in for some nasty surprises along the way.”

Constant Monitoring Critical

These concerns are echoed by Pat (a pseudonym), a CCSP-certified cyber strategist with a federal government department, who points out that a disturbing lack of cohesive policy makes security efforts much harder. “There is very little foundation for cloud environments right now,” Pat says, “the best things out there actually come from the vendors (as opposed to internal), but each vendor has different kinds of priorities. This makes it hard to determine what the threats are, as well as identifying what you don’t know about this environment.” Pat mentions that although external hacking gets the lion’s share of media attention, sometimes the problems come from more day-to-day maintenance activities. “Every time there is an update to your operating system, and you are running software, they can change your actual security configurations. You have to be constantly going back and reviewing what’s going on, and scanning your systems, and seeing what vulnerabilities that previously had been closed have been reopened again; and that is a constant battle.”

Pat’s main recommendations for striving toward a more secure cloud-connected IT system are a common nomenclature and a wider vision. “In the CCSP training class, I found it highly beneficial to address the naming conventions of how we talk about the cloud-based environments,” Pat says. “You have to understand all those terms and work them through your head in order to have meaningful conversations.” In addition, there is a need for a defined set of policies, and dependable and thorough processes. For example, when an organization performs an internal audit, they should not simply audit the outcomes of a system’s configuration, but rather they should also audit the process to make sure that people are doing things in a way that consistently reaches management’s expected outcomes. Once again, this means understanding the actions of people, along with the technology.

Compounding the challenges for organizations and their security specialists is convergence, says David Shearer, CEO, (ISC)². People often see expansion, in terms of the increasing numbers of devices and technologies connecting to the global Internet. But at the same time, there is “convergence of literally every engineering discipline on the planet, such as mechanical, electrical, software, biomedical, and chemical,” resulting in a cross pollination of protocols and systems through which abuse and contagion have the potential to run rampant.

All three experts agree that the establishment of a common lexicon and culture of clear, proactive communications, paired with both mechanical and corporate awareness, is essential for helping to maintain secure systems, both locally and globally. This commonality and vision must be embraced throughout all managerial levels, reaching right to the top.

For more on the CCSP certification from (ISC)² please visit their website. Sponsored by (ISC)².

By Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.
