Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Securing the Cloud is About Teamwork
I spoke about cloud at a conference a few weeks ago, but I still have lots of thoughts on the topic bouncing around in my head. If you haven’t yet, head on over to our YouTube page and check out the two videos I made on my talk and let me know what you think. For this blog, I’ll be going over some aspects of my presentation in more detail, take a look forward to cloud as we approach 2018, and anything else cloud related on my mind.
At this point, we’ve all heard and read a lot about the cloud. But how much does your security team actually know? There are plenty of online resources (ask your preferred cloud service providers where to find them) where you can learn the basics of cloud in a matter of hours and become proficient in just a matter of weeks. This is absolutely worth the time investment and something organizations should actively encourage.
While cloud adoption is at an all-time high for many organizations, the key to increased cloud security adoption is about one thing: getting everyone on board. Cross-team adoption – whether on application security, IT, or other teams – can really make the difference. Remember not to overlap skills! If your organization has a cloud team – even if it’s just a few people – lean on them to help with educating others across the security disciplines for increased cloud understanding.
One thing I hear tossed around a lot is, “How do we secure the cloud?” That answer is extremely complicated (and the answers are often disappointing to non-security types), so I try to re-frame people’s thinking. Instead of security of the cloud, I think about how to get better security in the cloud.
This comes down to fundamentals. If we stop looking at the cloud as a box to be secured and instead look at it as a platform on which good security practices must be followed, things become a lot clearer. Cloud security isn’t about creating an enormous, impenetrable cloud. That’s impossible. But if we work together to learn about the cloud – its strengths and weaknesses; its flaws and values – and reinforce good security basics, we’ll all be a lot more secure.
I may be biased, but I firmly believe cloud security will be even more important as the calendar turns. Here are some cloud questions I am trying to answer as 2017 comes to a close.
What are some of the first steps an information security team can do to handle cloud growth?
First off, you can’t stop cloud growth and adoption. It’s going to happen. It’s not a fad. It’s not going away. Collaborate with and get to know the cloud team because cloud is here to stay. Education and awareness are the first steps to any security concern and that remains true with cloud.
What are cloud providers doing to improve security?
A lot! One of the most impactful things being done is simple: conversations. Raising awareness by presenting at conferences, writing papers or publishing case studies, and simply talking to one another goes a long way to get everyone on board with cloud. Introducing new tools and better reporting processes are some of the more technical things being done, but these conversations are where it all starts.
What are some big cloud concerns as we head into 2018?
GDPR – the General Data Protection Regulation taking place across the European Union – goes into effect May 2018. The regulations have a lot of organizations scrambling to figure out how exactly this will affect them. From a cloud standpoint, where data lives (and who is responsible) will get more complex. I believe this all ties back to risk and managing it. As more data goes into the cloud, the path forward to securing that data involves bringing enterprise security to the cloud.
Bottom line for cloud security is we need to practice what we preach: getting in there and getting dirty with the security teams that are developing apps and moving things forward. Cloud, in all its decentralized glory, it still extremely difficult to manage and try to secure. That will remain true in 2018. More apps will be made, some of them more secure than others. And of course, security incidents will happen (they always do).
But I am optimistic that as cloud becomes more and more central to nearly every organizations’ success, we as an industry will evolve and succeed. We always do.
Let us know what you need, and we will have an Optiv professional contact you shortly.