Video

Contain Cloud Threats Before They Get Out of Control

According to a McKinsey research, cloud represents a $3 trillion opportunity for organizations. However, organizations struggle to capitalize on its full potential due to many challenges. One key challenge is the security of data and workloads in the cloud. Ironically, security challenges like identity and access management (IAM), over-provisioning and privileged access, which has been in existence since pre-cloud days, are yet to be addressed properly. Issues of cloud misconfiguration, API security and supply chain attacks continue to baffle the enterprise technology organizations. The root cause of most ransomware attacks on cloud data is misconfiguration.

See Also: Redefining with Intelligent Automation: A Focus on the Manufacturing Industry

To prevent cyberattacks on cloud, CIOs and CISOs have to keep two things in mind: work on shift-left and zero trust approach. Cloud service providers need to accurately communicate the fundamentals of "shared responsibility."

"More than anything else, zero trust is about common sense. If you take care of multi-factor authentication, single sign-on, segregation of duties, privileged access, network micro-segmentation, IAM and continuous monitoring, that’s essentially zero trust," says Daniele Catteddu, CTO at Cloud Security Alliance (CSA).

In this video interview with Information Security Media Group, Catteddu discusses:

• Cloud computing threat trends of 2023;
• The importance of communicating the shared responsibility principles;
• Getting the cloud-native architecture right with zero trust and shift-left strategies.

Catteddu identifies technology trends, global policies and their impact on information security and CSA's activities. In his career spanning over two decades, he worked at CSA as managing director for the EMEA region, and at European Network and Information Security Agency as an expert in areas of critical information infrastructure protection.