Intelligent CISO Issue 23 | Page 74

MAKING SURE CLOUD SECURITY IS YOUR NEW PRIORITY It’s crucial that security strategies must shift to protecting what’s most important from within. Katie Curtin-Mestre, VP of Product, CyberArk, says that organisations must take steps to protect what attackers target most as cloud applications proliferate: privileged access, and drive down risk. P ublic cloud adoption shows no signs of abating. According to our Threat Landscape Report published earlier this year, 94% of global organisations use cloud services. Digital Transformation projects mandated by the C-suite and demands from developers to streamline development processes are forcing even heavily regulated industries such as financial services and healthcare to speed up their adoption cycles. More often than not, these cloud initiatives are deployed without security being factored into the equation. The fault for this can’t be laid at the feet of cloud architecture and DevOps teams though. They often lack the expertise to address – and ensure the mitigation of – the risks associated with extending privileged access. As a result, they often opt not to 74 make security a priority due to the strict mandate to bring new digital services to market quickly and efficiently. With this in mind, it’s crucial security teams collaborate to integrate security before poor practices become entrenched in product development cycles. It’s crucial security teams collaborate to integrate security before poor practices become entrenched in product development cycles. Katie Curtin-Mestre, VP of Product, CyberArk Whether based in the cloud or on- premises, one thing is for sure – organisations’ infrastructures remain vulnerable to attackers’ tried and trusted hacking techniques. These individuals and bodies continue to seek the path of least resistance, so privileged access management (PAM) is vital to securing the attack path. The difference between on- premise and cloud attacks During a typical on-premises breach, attackers begin by looking for ways to compromise a user, leading them to start with an attack on the endpoint. For instance, an attacker could start with phishing to get their hands on privileged credentials. Once the stolen privileged credentials are secured, they could Issue 23 | www.intelligentciso.com