MAKING SURE CLOUD
SECURITY IS YOUR
NEW PRIORITY
It’s crucial that security strategies must shift to protecting
what’s most important from within. Katie Curtin-Mestre, VP of
Product, CyberArk, says that organisations must take steps
to protect what attackers target most as cloud applications
proliferate: privileged access, and drive down risk.
P
ublic cloud
adoption shows no
signs of abating.
According to our
Threat Landscape
Report published
earlier this
year, 94% of global organisations use
cloud services. Digital Transformation
projects mandated by the C-suite and
demands from developers to streamline
development processes are forcing
even heavily regulated industries such
as financial services and healthcare to
speed up their adoption cycles.
More often than not, these cloud
initiatives are deployed without security
being factored into the equation. The fault
for this can’t be laid at the feet of cloud
architecture and DevOps teams though.
They often lack the expertise to address
– and ensure the mitigation of – the risks
associated with extending privileged
access. As a result, they often opt not to
74
make security a priority due to the strict
mandate to bring new digital services
to market quickly and efficiently. With
this in mind, it’s crucial security teams
collaborate to integrate security before
poor practices become entrenched in
product development cycles.
It’s crucial security
teams collaborate
to integrate
security before
poor practices
become entrenched
in product
development cycles.
Katie Curtin-Mestre, VP of Product, CyberArk
Whether based in the cloud or on-
premises, one thing is for sure –
organisations’ infrastructures remain
vulnerable to attackers’ tried and trusted
hacking techniques. These individuals
and bodies continue to seek the path of
least resistance, so privileged access
management (PAM) is vital to securing
the attack path.
The difference between on-
premise and cloud attacks
During a typical on-premises breach,
attackers begin by looking for ways to
compromise a user, leading them to
start with an attack on the endpoint. For
instance, an attacker could start with
phishing to get their hands on privileged
credentials. Once the stolen privileged
credentials are secured, they could
Issue 23
|
www.intelligentciso.com