Two Truths And A Lie About Cloud Security

April 08, 2021 | IN Blog, Cloud Security Posture Management, Security Operations | BY Ashleigh Lee
circle
circle

Cloud technology saved many businesses from catastrophe during this past year, but it’s also introduced additional challenges to security, compliance, and governance practices.

The pandemic, with the stay-at-home orders, hastened the destruction of a “perimeter” and forced organizations to reframe how the business could run effectively while still protecting its cyber assets - infrastructure systems, physical endpoints, intellectual property, etc. This forced more digital transformation and brought to light two truths and a lie about cloud security.

Truth #1: The cloud security skills gap is real.

meme-experience

To keep up with industry trends, it only makes sense that the number one skill cited as a focus for cybersecurity professionals is cloud security. And while cloud is not new, securing the cloud continues to be a challenge.

The cybersecurity skill gap is something that’s been talked about for nearly the last decade. With the move to remote work, 56% of security professionals globally say that cybersecurity staff shortages are putting their organizations at risk.

Skill shortage increases the workload on existing staff and more experienced professionals, with 75% of security professionals citing increased workloads and being on call contributing to burnout. A nugget of hope, though, is the new crop of college graduates entering the cybersecurity workforce. With more universities developing programs focused on cybersecurity, the supply of talent will hopefully help diminish the skill gap.

Finding the time and resources to upskill is difficult, especially in a traditionally resource constrained environment. However, it stands to reason that by saving time in the day-to-day operations and breaking down tasks to share the workload with new college grads, employees carve out room to grow professionally.

Truth #2: Technology sprawl is real.

The speed at which the business runs creates technology sprawl. Every new person, process, and technology - the very things that run your digital operations, your business - bring risk that can grow wildly out of control if not properly managed.

much-tech-stack-very-impressBut if the business can’t continue to innovate, they might as well be dead in the water. With whatever cybersecurity framework you use, the bottom line is you need to secure all your assets while empowering employees to drive business.

No matter how you look at the technology landscape, more isn’t always better. Each piece of technology may have its own means of security, but how can you, as the security leader, be strategic in your tech stack roadmap to get the visibility you need to see avenues of compromise before they happen AND respond proactively if all the controls are in different, disparate systems?

This is where JupiterOne excels. Our cloud-native platform integrates traditionally siloed systems to automate discovery of all of your cyber assets - users, permissions, servers, code repos, vulnerabilities from assessments, etc. All of this data is ingested, normalized, and made easy to search and query. Not only can you explore the graph branches step-by-step to get an idea of the related systems that might be impacted if one gets compromised, you can also aggregate data and build baseline metrics that you can measure against over time for your security program. While the good ol’ system of rows and columns still exist, the value is understanding the ripple effect through the relationships.

JupiterOne makes it easier for the owners of disparate systems to gather rich contextual information to remediate misconfigurations and security gaps before they become a problem. After all, how often do you wish you had a clearer understanding of business impact to properly prioritize fixes?

Lie: Compromise is mandatory.

The looming threat of “it’s only a matter of time before we’re compromised” doesn’t have to keep you awake at night.

Every piece of the security org plays their part to prevent compromise and protect the business. By getting a centralized view of all your cyber assets - people, policies & procedures, technology - and understanding the relationships across all of them, you are taking an attacker point of view. Attackers think in graphs.

Threat modeling teams, like the team at Aver, often spend a lot of time analyzing the paths that attackers could take to compromise systems and steal data. The JupiterOne graph model helps you explore different avenues of attack and have reliable takeaways on projects and priorities to be proactive and prepared as an organization.

root+causeAnd if compromise does happen, JupiterOne can also be used as a first step to triage and find root cause. Just take a look at how Databricks gains unprecedented visibility with JupiterOne, which serves as the basis for their security program, including incident response and system ownership accountability.

It all starts with centralizing visibility of your systems and data. Start using JupiterOne today to centralize visibility of your multi-cloud environment. Use the form below to get started!