Closing Out The Year: A Reflection From ScaleSec's CEO, Marsha Wilson


The turn of the year is a good time to show gratitude and appreciation for the opportunities we are given and have earned. I'm hopeful that you also have wins and lessons learned that rounded out 2023 and are invigorating you for 2024 plans.

We here at ScaleSec are grateful for all of our clients, big and small; some who are highly ambitious and some who are playing the long game. Just as we had friends of all ilks and backgrounds in high school, so is the range of teams we support as they each work to wrangle the cloud to their needs.


To illuminate some of our highlights:

You may be surprised to learn we engage with non-profits, especially those whose mission it is to help children.

  • As we closed out 2023, we worked closely with a tight-knit team to advance their environment and remediate IAM issues for a client running on AWS. It all started with an assessment and continued with a collaboration, bringing expertise and guidance while staying within their budget.
  • As we kick off 2024, they have asked us to stay another quarter and address more of their environment. With ScaleSec engaged, their team can focus on their mission.

FedRAMP continues to be a big push.

  • Many teams building on Google Cloud sought the experts here at ScaleSec to help them meet controls that will allow them to sell to government and military entities. As a Service Disabled, Veteran Owned Small Business, collaborating with teams looking to enhance public sector capabilities in a security-first, cloud-first approach is near to our hearts.
  • We ended 2023 grateful for three engagements in particular that crossed the year, with clients trusting us to bring all the details they need to build a system to pass their Authority to Operate (ATO) on an accelerated timeline.
  • I'm especially proud of the cloud-native landing zones for both AWS and GCP that we delivered in 2023.
  • We encourage anyone considering selling to the Federal Government: check out our White Paper to get the straight facts about effort, lift, and upside to adding Uncle Sam to your client list.

When you are a small fish in a big pond, the mission of a Fortune 250 company truly becomes your own.

  • In late 2022 we kicked off a relationship with a global retail team running multicloud international operations. Nothing about that engagement was going to deliver quick wins or easy answers.
  • As we engaged throughout 2023, we delivered many recommendations and even participated in production remediation efforts to help them move the needle on their most pressing and worrisome issues.
  • Though I know what our team did was monumental, when you are working in a follow-the-sun model, where there are as many personalities as days in the year, demonstrating success through the din was a challenge.
  • We enter 2024 with additional engagements with this client--hard fought to show that value is more than bodies in a seat. Their trust in our team has continued to build and we are replacing a good number of incumbents, all with more recognizable names. To me, this is the definition of success and better still, value.


In our cloud world, we note a couple of pretty awesome updates.

From AWS:

“Egress Transport Layer Security (TLS) inspection for AWS Network Firewall is now available in all AWS Regions where AWS Network Firewall is available today, including the AWS GovCloud (US) Regions. This launch allows you to use AWS Network Firewall to decrypt TLS sessions and inspect inbound and outbound VPC traffic without the need to deploy or manage any additional network security infrastructure. Encryption and decryption happen on the same firewall instance natively, so traffic doesn’t cross any network boundaries.”

More here.


Regarding Google Cloud:

“[they] patched a vulnerability that may have allowed malicious actors with access to a Kubernetes cluster to elevate their privileges and wreak havoc. Though Google claims it found no evidence of the vulnerabilities being exploited in the wild, an attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to escalate privileges in the cluster," the company said in an advisory. Of note, the issues with Fluent Bit and Anthos Service Mesh have been mitigated and fixes are now available. These vulnerabilities are not exploitable on their own in GKE and require an initial compromise.”

More here.


As you are considering your own 2024 plans, if you find you are in need of a policy review, assessment, or just want to bounce your cloud security concerns off a sympathetic (and helpfully opinionated) professional, we’d love to hear from you. When you email [email protected], your reply comes from one of our executives. No sales team filter here--it's all the same awesome “A” team from first touch to delivery. We’d love to help you with all things cloud, security and compliance.

Want to Chat? Reach Out!


Grow Your Business Securely with Generative AI

Training will be critical for ensuring generative AI is used in a way that keeps your organization’s data and intellectual property secure. Learn more from our eBook!

Get the eBook

Struggling To Utilize Infrastructure As Code? Learn more about AWS CDK

Zach Beeler, a Senior Cloud Security Consultant for ScaleSec, breaks down the value of using AWS CDK to power secure IaC:

  • Opinionated constructs
  • Syntax simplicity
  • CI/CD Integration

Expand Your Addressable Market In 2024: Our CEO's perspective on Public Sector sales

Learn more about how to weigh the cost/benefit of FedRAMP Authorization for your business:

  • Stable revenue stream
  • Reputation and credibility
  • Reduced risk

Is your business outperforming on the cloud?

This is a question a lot of people don't have a clear answer for: Where is your company's cloud security practice the strongest & most fragile? Take our free assessment to find out.

Take the Self-Assessment

Strategic Expansion: What Does it Take?

Not every business is ready to take on the complexity and high standards of FedRAMP compliance to expand into the public sector. Our experts take you through the process of preparing for FedRAMP in this free white paper.

Free White Paper

Connect with Us!

Considering cloud? Want to optimize and transform your existing digital portfolio?

Reach out to us.
