Episode Summary

iland Cloud Technologist Brian Knudtson is joined by guests Leah Schoeb, Lindy Collier, and Sam Woodcock for a conversation about what customers should be looking for to secure their data in the cloud. They discuss external and internal threats to your business and hand out some helpful cloud security (and life) advice — never assume.

Panel

Cloud Conversations

Topic 1

[03:12] Let’s start with the shared responsibility model cloud introduces into the security puzzle. Can you describe what this means and how different cloud providers may approach this model?

Topic 2

[12:37] When it comes to introducing security into a cloud environment, there are new options that become available. Some providers may require you to bring your own security products, while others may provide “baked-in” or marketplace options. Can you compare and contrast these approaches and how they each may affect a customer’s approach moving to the cloud?

Topic 3

[21:38] We find out pretty much daily that threats to data are constantly evolving and can take many different forms from many different vectors. Can you discuss the biggest threats that companies should prepare for and how they might look different in the cloud?

Cloud Bites

[01:55] “Do not make any assumptions as it comes to security in the cloud.” – Lindy Collier

[02:32] “Security should be paramount to all organizations. It should really be embedded in their DNA and how they function.” – Sam Woodcock

[05:09] “The threats are not only external to attacking our applications on-prem and in the cloud, but it’s also internal.” – Leah Schoeb

[05:51] “It’s our responsibility to use best practices just as much as our cloud providers. And also take full advantage of the services and the packages that they offer.” – Leah Schoeb

[09:32] “The thing, I think, that really gets me is the fact that [ransomware providers] have help desks, they have support calls, they have maintenance, updates.” – Leah Schoeb

[10:31] “One of the most common ways that these ransomware attacks may attack an organization is through social engineering.” – Sam Woodcock

[14:54] “Does the cloud provider provide that for you, or is that something I’m going to have to do an add-on to?” – Lindy Collier

[17:32] “They’ll get in there, like a squirrel, and do all kinds damage to your data and your home before you even recognize the fact that something is happening.” – Leah Schoeb

[18:55] “Do they just take care of the physical security and physical host infrastructure? What level do they go into from an operating system and application perspective and do they get into networking and those other elements? To the point of this question, what levels of security are embedded by default and what do you need to do beyond that to secure the organization? – Sam Woodcock 

[21:15] “Who’s managing the patching of these security platforms? You’ve got security issues on your security technology.” – Lindy Collier

[25:22] “Say for example they’re utilizing our disaster recovery solution to recover, they also have the ability to test non-intrusively a copy of their production systems in the cloud with limited risk, low cost, etc. And what that allows them to do in tandem with the security technologies is actually provide on-demand vulnerability scanning and virus scanning and penetration testing against test copies of those systems.” – Sam Woodcock

[28:29] “You’re going to hit the low-hanging fruit first before you get to the stuff that’s harder. It’s not that you’re hack proof, it’s just that it’s harder to do.” – Leah Schoeb