Dark Reading is part of the Informa Tech Division of Informa PLC

Cloud

6/17/2019
10:00 AM
Kaus Phaltankar
Commentary

The Life-Changing Magic of Tidying Up the Cloud

Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.

In 2019, most organizations are using the cloud. However, many businesses are paying for cloud services without a strategic plan that maximizes productivity and competitive returns while managing security and compliance benchmarks.

Like a new two-car garage that seems attractively spacious and infinitely useful at first (before it's overrun by tools, workbenches, and projects in progress), most cloud operations would benefit significantly from clean-up, alignment, and organization. It is essential for these companies to have insight into where their data is stored and who has access to what information.

In keeping with pop culture's recent focus on killing clutter that's hurting performance and joy, here are a few principles to tidy up and organize how your teams use powerful cloud resources.

1. Organize privileges.
For the sake of speed, multitasking, and cross-training, many companies have "flat" data access controls, giving practically any employee access to assets such as source code, customer data, and sensitive corporate financial info. This makes it hard to put reasonable controls on access and prevent unchecked risk, especially given employee turnover. Decide how granular your access controls over data need to be. If your business is in retail, for example, your data requires different handling than electronic health records or attorney-client files.

2. Reevaluate risk and number of third parties.
The more partners, the higher the risk; that's just reality. So, to keep the attack surface/risk surface more manageable, assess which partners are truly necessary. In cases where providers can be consolidated, pare them down to those willing to demonstrate a more serious commitment to security.

3. Map cloud usage to tame clutter.
Enterprises can license internal departments and users with cloud accounts to enable their teams to apply additional cloud-powered horsepower and fluidity to their respective missions. But the flip side of this is that cloud use can grow in silos, going astray from centralized oversight and policies. The key for these larger companies is to evaluate how internal teams are using the cloud. Taking inventory of what information is being stored, and where, is essential to keeping information secure. For example: How is the finance or HR team using Google Drive? How is the help desk or DevOps team using cloud services?

4. Securely dispose of what's old.
Just as shredding boxes of past bank statements or wiping an old PC's hard drive brings peace of mind, companies should securely tidy up by discarding any abandoned, orphaned, or indefinitely unfinished projects in the cloud or on corporate networks. Developers, business development leaders, and marketers often build proof-of-concept apps, databases, or other items that are fed live production/customer data, and that data might not be securely removed or wiped when the project is phased out. Because the cloud is so fluid, it's easy to securely dispose of these leftovers once you account for them in policies and planned actions.

5. Organization takes teamwork.
Once you have done the heavy lifting of cleaning out your cloud/IT footprint, cut the hours and effort of upkeep going forward by creating a cross-functional team made up of, for example, the heads of the business units that rely on the cloud in your organization (sales, IT, finance, developers). Get their commitment to meet regularly over lunch or coffee to talk through their cloud usage needs, priorities, concerns, and lessons learned. When everyone is on the same page, disconnects that cause a lot of duplication, silos, and clutter are eliminated.

In life and technology, organization follows accumulation. Like attics, workshops, and garages, cloud spaces are seized on by technical and business leaders across an organization for the sake of getting things done. Only when assets grow and activity increases does it become apparent that there might be a lot of clutter, waste, or potentially dangerous conditions in different areas. Fortunately for those of us charged with keeping IT organized and humming, automated and process-driven controls can help make tidying up happen every day. This gives SecOps teams more time for security and compliance management.

Kaus Phaltankar is the CEO and Co-Founder at Caveonix. He most recently served as a Senior Vice President for Dell Technologies. Before that, Kaus was Global President of Virtustream Security Solutions, a Dell Technologies company, where he was an evangelist and a technology ...
Comments
rapide,
User Rank: Apprentice
6/22/2019 | 4:17:36 PM
Clearly agree with this article
Clearly agree with this article. Before moving all of a company's IT services to the cloud, you need to think carefully about the needs.
Knowing who needs what.