Question: What shortcomings do you see in people’s cloud security posture?
Shadow IT: Shadow IT can really haunt IT departments since IT typically has very little control over a user signing up for an account on a website using corporate credentials. Work with your different lines of business to identify what web applications are necessary for day-to-day operations, and marry those web apps up with web browsing history and firewall logs. Don't just be reactive; know what web apps your users log into, inventory those web apps, and make sure they are added to the annual (or more frequently if needed) user access review process.
Critical Vendors: If you're using a cloud data hosting provider, be sure to truly understand that vendor's critical vendors. If your cloud provider is hosting with Amazon AWS or Microsoft Azure, be sure the cloud provider is doing their due diligence and securing those cloud storage buckets appropriately.
Testing: Be sure to test the security of your critical cloud applications or storage. Remember, if you can see those cloud apps or data, so can an attacker from anywhere in the world. Be proactive with your cloud testing and get out in front of a potential attack, rather than being forced to respond to an incident that has already occurred.
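As an added example (not part of the original post), here is one way to do the matching described under Shadow IT: compare login-looking requests in proxy or firewall logs against the web app inventory and list the apps that are missing from the inventory or from the user access review. The log format, the inventory fields, the login path heuristic and all hostnames are assumptions constructed for this example.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed inventory: web apps the lines of business confirmed they need.
INVENTORY = {
    "payroll.example.com": {"owner": "HR", "in_access_review": True},
    "crm.example.net": {"owner": "Sales", "in_access_review": False},
}

# Constructed proxy/firewall log lines: timestamp user method url status
SAMPLE_LOG = """\
2024-03-04T09:01:12Z alice POST https://payroll.example.com/login 302
2024-03-04T09:03:40Z bob POST https://crm.example.net/session/signin 200
2024-03-04T09:05:02Z bob GET https://news.example.org/article/17 200
2024-03-04T09:07:55Z carol POST https://files.example.io/auth/login 200
2024-03-04T09:08:10Z alice POST https://files.example.io/auth/login 200
truncated-entry
2024-03-04T09:09:31Z dave POST https://notes.example.app/api/save 200
"""

# Path substrings treated as a login attempt (a heuristic assumed for this example).
LOGIN_HINTS = ("login", "signin", "sign-in", "auth", "sso")


def gap_reason(host, inventory):
    """Return why host falls outside the access review, or None if covered."""
    labels = host.split(".")
    for i in range(len(labels) - 1):  # try the host, then each parent domain
        entry = inventory.get(".".join(labels[i:]))
        if entry is not None:
            return None if entry["in_access_review"] else "inventoried, not in access review"
    return "not in inventory"


def review_gaps(log_text, inventory):
    """Map host -> (reason, sorted users) for logins to apps outside the review."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "POST":
            continue  # malformed line or not a form submission
        user, url = parts[1], urlsplit(parts[3])
        if not url.hostname or not any(h in url.path.lower() for h in LOGIN_HINTS):
            continue  # not a login-looking request
        reason = gap_reason(url.hostname, inventory)
        if reason:
            found[(url.hostname, reason)].add(user)
    return {host: (reason, sorted(u)) for (host, reason), u in found.items()}
```

Each host in the result is a candidate for the inventory and the next user access review, with the users who would need to be covered.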
Meet Our Expert!
Jon Waldman, CISA, CRISC
As an experienced cybersecurity executive and educator, Jon Waldman has worked for over 15 years to help hundreds of organizations be able to identify and understand cybersecurity risks, allowing them to make better and more informed business decisions. Jon is the Chief People Officer for SBS CyberSecurity, as well as the President of the SBS Institute.
You can ask our security experts your cybersecurity questions and they'll answer in an #askSBS blog post. Submit your questions in one of three ways:
- Submit your question here: https://lnkd.in/efCF7NK
- Use #askSBS in your own post with a question.
- Comment on one of our #askSBS social media posts with your question(s).
We're looking forward to hearing and answering your questions!