Becoming the Enemy - Securing the Cloud with Attack Simulation
Murray Pearce
Threat-Informed Defence Strategy | Mental Fitness in Security | Managing director & Co-founder
How secure is your data when it’s stored in the cloud? As cloud storage becomes more common, for both commercial and business use- protecting the information you store in the cloud is becoming increasingly important.
Out of sight, out of mind - ?Some might say.
But only because your data isn’t physically on-site, it doesn’t mean that it’s untouchable.?
You might be familiar with the shared-responsibility model in the cloud. In its simplest terms, it denotes that cloud providers are responsible for the security of the cloud, while users should be responsible for securing their data.?
So, by this definition, security is also a shared-responsibility model.
The cloud user, as well as all the application and network configurations, are responsible for managing access to data and cloud services. For this reason, it increases the complexity of the user policies and the governance model used.
The reality is that it is more likely to find permissive policies that give more privileges to the user than those needed, increasing the impact of any compromise.?
That’s why optimising cloud security is so vital. Sometimes the only way to do this is to…
Become the enemy
*Insert evil laugh here*
Checking your Security Surface
Credential compromise is an important concern for any organisation operating in the cloud.?
The associated impacts vary widely, but ultimately this compromise can lead to access and theft of important corporate information. There are many security controls that should be enabled in your cloud accounts but, how do you know if they are working effectively?
领英推荐
In order to understand your security posture, it is necessary to simulate threats continuously to identify if they are detected or not.?
You can simulate the threat manually, or use a platform that allows you to automate all the processes with relative ease.
A great platform will offer predefined assessments that you can deploy at the click of a button. The scenarios are provided and, for instance, can simulate a credential theft and authorised access into confidential ‘areas’.?
All automated, and extremely efficient.?
Tracing a Breach?
Logs are needed to trace any malicious activity in your cloud account. These logs can then verify interactions carried out by a simulated scenario.?
This will inform you whether your security controls are working.?
Cloud infrastructures are continuously changing, so there is still a need to automate the process to execute your assessments periodically.
And with the right platform, this can become a regular part of your security hygiene and optimise your use of the cloud.
If you’re not sure where to start when it comes to simulating and testing your existing security systems, send me a message.
I can point you in the right direction.
Empowering chiropractors to create Practice Fun in 90 days: Increased ???????????????? ?????????????? and ?????????????? ?????????????????? | Founder of Doing More Business | DM me ?????? to get started
2 年Being able to test your defences regularly is a great exercise to do by simulation to ensure that there are no gaps in the prevention of attacks.
The Executives Coach ?? For C&D Suite & Senior Leadership Teams Ready to Lead Brightly? ??Imposter Syndrome Specialist ?? EI & Leadership Skills Development ??#1 Best Selling Author?? Keynote Speaker ?? Mum ?? F1 Nut
2 年Just because your data is stored in the cloud, never means that it is out of sight from a CyberCriminal, testing cloud environments must become a priority.
Head of Chambers at Mercantile Barristers | Barrister | Construction & Engineering Law | Sports Law
2 年Looking from an attacker's perspective can be really helpful when trying to spot flaws in your CyberSecurity.