Steps for CISOs to Monitor Various Cloud Environments


“Cloud environments can be reasonably complex, containing many different components, and each of these components should be mapped to one or more business functions so that the security teams have clear visibility of how a failed or underperforming component can affect applications and their users,” says Richard Hughes, Ethical Hacker and Head of Technical Cyber Security, A&O IT Group, in an exclusive interview with ITSecurityWire.


ITSW Bureau: How can enterprises leverage IT-managed services to drive a positive impact on their business’s profitability? 

Richard Hughes: Even within large enterprises, many internal IT functions are not equipped to keep up with the rapid pace of technological innovation. This can lead to decisions being made based on the available knowledge within the team, ignoring what may be the best solution for the business. Some IT services may choose to resist change in favor of what they know, hiding behind the perceived risk of new technology, which will only lead to a lack of proactivity and a struggle to keep up with the demands of the business.

Working with an MSP will provide access to a large team of experts which will not only allow CISOs to make the right technology choices for the business but will ensure that they don’t need to employ their experts in every technology discipline which would be a far more costly alternative given the mixture of technology within many enterprises. Service Level Agreements (SLAs) are rarely set and enforced with internal teams but MSPs will stick to these rigidly or face a financial penalty resulting in reduced downtime and providing peace of mind for the client. An additional increase in profitability can come from the economies of scale an MSP can leverage when purchasing services and equipment from vendors with ongoing relationships.


ITSW Bureau: Given today’s dynamically evolving cyber-attacks, what steps can enterprises take to strengthen their cybersecurity infrastructure?

Richard Hughes: It is extremely important that organizations apply security patches for all devices at the earliest opportunity. Whilst this may be obvious for laptops, desktops and servers, organizations often overlook firewalls, routers, switches, and other internet-connected devices. Further to this, organizations should have regular vulnerability assessments and penetration tests conducted. Organizations must not see these assessments as an infrequent annual exercise. Even if the infrastructure is not evolving, the techniques used by attackers certainly are and for that reason, what may be considered a good security posture today may well change over a relatively short time. Organizations with a reasonably mature security function should also consider Red Team engagements as these provide a realistic attack simulation over an extended period and will often highlight vulnerabilities that a straightforward vulnerability assessment or penetration test simply cannot.

ITSW Bureau: How can enterprises effectively monitor their infrastructure and data in various cloud environments? 

Richard Hughes: Many products can be deployed to effectively monitor solutions in cloud environments and selecting one is often the easy part. The harder part may be configuring any of these products to effectively monitor what is important to the business. Before deploying any solution, security teams will need to define KPIs and other metrics that affect the operation or otherwise impact the business. Many of these measurements will be common to both cloud and non-cloud environments but others, such as cloud service and usage costs where services are being dynamically loaded and balanced, may not have been previously considered and could be easily overlooked. Cloud environments can be reasonably complex, containing many different components, and each of these components should be mapped to one or more business functions so that the security teams have clear visibility of how a failed or underperforming component can affect applications and their users. They shouldn’t forget security monitoring, which may include sending log files to security information and event monitor (SIEM) solutions or deploying managed detection and response software in the cloud environment. Again, the correct configuration will be key here to ensure they don’t simply store and ignore important security events. An experienced security consultant will help to define the best solution.


ITSW Bureau: What steps can enterprises take to effectively identify any GDPR gaps to avoid penalties?

Richard Hughes: Since GDPR was introduced in 2018, it is surprising just how many organizations are not compliant with a greater number not being sure either way. Organizations require a designated Data Protection Officer (DPO) if they are a public body (with some exceptions), process a large amount of data, or process data on individuals. Many enterprises will likely require a designated DPO and it is certainly recommended even where it is not mandatory. A DPO does not have to be a full-time role and a virtual DPO facility may even fill the role. A DPO must be familiar with GDPR and be responsible for maintaining compliance, but becoming compliant may require external assistance. A security consultancy will be able to help security teams audit existing data and processing activities, providing a clear picture of any gaps in compliance to avoid costly penalties. It is recommended to have regular audits to ensure any changes within your business have not created a non-compliance.

Richard Hughes, Ethical Hacker and Head of Technical Cyber Security, has over 20 years’ experience as an Information Technology professional specializing in the field of Information Security. He has a thirst for technology and the skills required to take ideas through proof of concept to production-ready solutions.