ISC 2 - CCSP

What I Have Learned: Cloud Security Insights From CCSP Pros

The age of cloud security gives rise to the somewhat mixed metaphor of a cat and mouse game played out on shifting sands. Cloud security professionals face a multidimensional conundrum as they try to keep pace with changing technologies, upgrades, internal political pressures, and of course external infiltration attempts. Danger can come from the outside or within. It can be mechanical, software driven, or the fault of human beings. And answering the call at the end of this long list of stresses and priorities is a hugely busy, often overworked security team.

So what do they have to say about it? We asked the CEO of (ISC)², a global leader in information, cyber, software and infrastructure security certifications, including the Certified Cloud Security Professional (CCSP℠), and two CCSP-certified security experts to share some of their knowledge and observations. What have they seen? What worries them, and what advice would they offer? Here are a few of their revelations.

Connecting Devices To The Cloud

“Everyone is migrating to the cloud,” says Adam Gordon, CCSP, and author and instructor for (ISC)². Through organizations, large and small, public sector and private, as well as millions of individual consumers, every device is connecting and interrelating with every other in ways that no one can accurately map. “The problem is, we don’t always understand what cloud means as we start to consume. As a result, there tends to be a gap where consumption is a lead indicator and security is an afterthought.” Gordon points out that the causes of major breaches can often be tracked to lax behavior on the part of individuals. “Do they understand the implications of allowing an application on their phone, to use the phone’s location services to provide location information to a cloud service? How is that being used? How is it being archived? How is it being tracked?” he asks.

People place a great degree of trust in their systems and their providers and, for Adam, this is not enough. “I think the mistake we make today, or that we have made historically, is we put faith into the provider and say, ‘they’re going to take care of it…’ and we don’t verify.” Adam prefers to embrace the phrase used by President Reagan during the 1987 arms control negotiations, and taken from a traditional Russian proverb: trust but verify. “If you take the trust but verify approach, we come up with a solution that actually leads to cloud security. If we just trust, but don’t verify, I think we’re in for some nasty surprises along the way.”

Constant Monitoring Critical

These concerns are echoed by Pat (a pseudonym), a CCSP-certified cyber strategist with a federal government department, who points out that a disturbing lack of cohesive policy makes security efforts much harder. “There is very little foundation for cloud environments right now,” Pat says, “the best things out there actually come from the vendors (as opposed to internal), but each vendor has different kinds of priorities. This makes it hard to determine what the threats are, as well as identifying what you don’t know about this environment.” Pat mentions that although external hacking gets the lion’s share of media attention, sometimes the problems come from more day-to-day maintenance activities. “Every time there is an update to your operating system, and you are running software, they can change your actual security configurations. You have to be constantly going back and reviewing what’s going on, and scanning your systems, and seeing what vulnerabilities that previously had been closed have been reopened again; and that is a constant battle.”

Pat’s main recommendations for striving toward a more secure cloud-connected IT system are a common nomenclature and a wider vision. “In the CCSP training class, I found it highly beneficial to address the naming conventions of how we talk about the cloud-based environments,” Pat says. “You have to understand all those terms and work them through your head in order to have meaningful conversations.” In addition, there is a need for a defined set of policies, and dependable and thorough processes. For example, when an organization performs an internal audit, they should not simply audit the outcomes of a system’s configuration, but rather they should also audit the process to make sure that people are doing things in a way that consistently reaches management’s expected outcomes. Once again, this means understanding the actions of people, along with the technology.

Compounding the challenges for organizations and their security specialists is convergence, says David Shearer, CEO, (ISC)². People often see expansion, in terms of the increasing numbers of devices and technologies connecting to the global Internet. But at the same time, there is “convergence of literally every engineering discipline on the planet, such as mechanical, electrical, software, biomedical, and chemical,” resulting in a cross-pollination of protocols and systems through which abuse and contagion have the potential to run rampant.

All three experts agree that the establishment of a common lexicon and culture of clear, proactive communications, paired with both mechanical and corporate awareness, is essential for helping to maintain secure systems, both locally and globally. This commonality and vision must be embraced throughout all managerial levels, reaching right to the top.

For more on the CCSP certification from (ISC)² please visit their website. Sponsored by (ISC)².

By Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.
