Key Takeaways from Leo Taddeo on Discover Performance Weekly
Leo Taddeo joined host Paul Muller (@xthestreams) and Bobby Patrick (@bpatrick001), CMO of HP Cloud, on the latest episode of Discover Performance Weekly to ask whether cloud and security is an oxymoron.
So is cloud and security an oxymoron?
Here are the main takeaways from Taddeo and Patrick:
- The cloud isn’t more or less secure than on-premises. Muller noted that none of the major breaches seemed to be about cloud. Taddeo commented that the cloud does present an attractive target for adversaries, but that the cloud is also well-defended. Just moving to the cloud doesn’t take responsibility away from network defenders. Instead, it makes it easier for those defenders to manage, configure, patch and monitor resources, all of which is easier in a virtualized environment. So while a breach in the cloud has a bigger impact, in the long run the cloud will favor the network operator in defense of the network because of the efficiencies it provides. It may also free up resources for better defense and analytics.
- Organizations need a 360-degree view of their cloud. When asked what network defenders should prioritize, Patrick commented that organizations need a 360-degree view of their cloud. He suggested four main points: look inside the cloud; look under the cloud; look across the cloud, because we are in a multi-cloud world where workloads and sensitive data are managed across many clouds; and finally look at the emerging access point, the edge of the cloud.
- Perimeter defense has been the focus for network security. However, time and time again, adversaries run over the perimeter. It is time to rethink the strategy. Taddeo suggests looking at the entire network to know what is actually going on within it, and limiting what authorized users can see and do, and where they can go. He continued to say that as long as we are in a credentialed environment, adversaries will steal credentials, whether through social engineering or an attack on a web application. Network defenders need to ask themselves ‘what damage can someone with valid credentials do?’ and then work from that point of view to limit it.
- Prepare for the inevitable: you will be breached. When Muller asked how to keep a network safe, Taddeo said to prepare for the inevitable, which is that you will be breached. And if you have been breached and you haven’t prepared, you have a problem. Prepare for breaches ahead of time with your entire team, going beyond just the technical team to an entire incident response team that includes legal counsel and communications. And be transparent. Keep customers, partners or regulating bodies informed by disclosing what you can, when you can.
Hear more from Taddeo and Patrick by watching the full video.