CISO Series: Why cloud security is a different beast than on-premises
As virtually every organization moves to and builds in the cloud, they’re realizing securing those cloud environments is both critical and, in many ways, more complex than on-premises. Why? Simply put, when anyone can create new accounts and services, security teams have no choice but to move quickly to understand the full scope of their cloud environments. So, how can security teams separate normal activity from actual threats in these chaotic environments? Our VP of Platform & Solutions Marketing, Meg Diaz, joined the CISO Series podcast to share our perspective and highlight why security is now a data problem.
Check it out below:
David: Meg the topic that comes up a lot even before I ever started CISO series. Securing the Cloud. It is not the same thing about on premises. What has that discussion evolved into?
Meg: More and more organizations are building in the cloud. What we’re seeing is people recognizing that securing the cloud is really a different beast.
David: What are the unique elements of cloud that make it a different beast?
Meg: Anybody can spin up a new account, a new cloud account, new services,
David: Not just your I.T. department.
Meg: So it becomes really hard for security teams to even understand what is the cloud environment actually look like? What’s the scope?
David: How are you sort of addressing the issue of understanding what the risks are in a more sensible way?
Meg: At Lacework, we are really viewing cloud security as a data problem. We really look at it as as taking massive amounts of data that you have in the cloud automatically analyzing and correlating that together and understanding how your cloud operates and what behavior is is normal or something that should be cause for concern.
David: Where does Lacework from, where’s it sort of range of operation and where does it stop that? It’s like this is where Lacework can operate. We can have a lot of success, but this is sort of our space of expertise, if you will.
Meg: It’s not all machine learning, right? And even at at Lacework, we use a combination where, you know, there are rules. But what we also look at is, you know, where can we go beyond just the rules and how do you make that easier so that you’re not spending a lot of a lot of time and resources trying to think of all the different possibilities of what you could look for. Instead, you just watch everything and understand where the differences lie and when which ones are significant. And the more that you learn the environment and you understand that, the easier it becomes to get that and the more accurate you can also, it also becomes.
David: One of the number one complaints we hear about cloud and you hear it through many of the breach stories is misconfigurations. Hopefully with all this, you know, looking into behavior, you can see what is configured correctly and not correctly. Yes.
Meg: Yes. Yes. And actually, one of the things at Lacework that we do is it’s taking all of the information about the risks that you might have. So for a particular system, vulnerabilities are there misconfigurations, what IAM roles are associated with it. So you get a picture of what are the different paths that an attacker could potentially use to get in. And what we do is not only combine to give you that view of of what could potentially happen, but then we’re combining it by showing you what’s actively happening. So you could really get an understanding in a single alert if there is, you know, first of all, what’s what’s the risk level there, but then is there active exploit activity happening. So really getting a much more complete picture of where your risks are and what’s happening so that you can take better action.
David: Well, for more information on all of this, please check out Lacework. We love having you as a sponsor. They’re available at Lacework.com.