Intelligent CISO Issue 74 | Page 38

Firstly, having a robust application security (AppSec) program and security architecture can reduce exploitable vulnerabilities. Going beyond traditional, must-have static application security testing (SAST) solutions, a mature AppSec platform that secures applications from code to cloud is critical. This, combined with robust logging and security analytics, can provide robust data security in the CIO’s cloud environments.
A CIO often must accept the business they have, and that isn’t the business they wish they had. A CIO is a very busy person for any moderately sized organisation, so perhaps the most effective tool to protect sensitive data is simplicity. Minimise what is considered sensitive; make the security requirements clear, achievable and measurable; and establish a set of trusted vendors that you can rely on.
Underlying all of this is ensuring that your organisation has a set of easy-to-understand policies around data security, and that your employees are trained. If everyone is on the same page, it makes this process much easier.
Trevor Dearing, Director of Critical Infrastructure at Illumio
As organisations continue to invest heavily in the cloud, the responsibility is falling on CISOs to make sure that their security posture is up to scratch. Research indicates that nearly half of all data breaches originate in the cloud, with the average organisation that suffered a cloud breach last year losing nearly US$4.1 million.
Beyond financial losses, the repercussions of cloud breaches extend to reputational damage, sensitive data loss, and decreased productivity, leading to an urgent need for robust security measures tailored to the cloud environment. With the majority of businesses today holding their most critical data and high-value applications in the cloud, there needs to be a fundamental shift from reactive measures of old to a more proactive approach to breach containment in the cloud.
Traditional security tools are increasingly falling short in addressing the dynamic and interconnected nature of the cloud. Organisations should take a strategic approach to integrating cloud security with existing approaches. While the security needs of the cloud itself are unique, the security of the data should be consistent across the hybrid infrastructure. Adopting a Zero Trust approach across the entire estate protects the data while adopting specific cloud security techniques.
It is easy to put faith into the shared responsibility model when it comes to cloud security, but the concept is frequently misunderstood. Security is not solely the cloud provider’s responsibility and risk cannot be outsourced. Cloud security providers (CSPs) are only responsible for their own systems which, in a multi-cloud environment, means that there is an uneven handshake between businesses and providers. IT teams must therefore be more proactive in securing their own assets and embrace a uniform approach to security across all environments.
IT teams should prioritise security measures which support multiple cloud providers to prioritise uniformity, such as Zero Trust Segmentation (ZTS). Rooted in the Zero Trust principle of ‘never trust, always verify’, ZTS offers a granular and adaptable