Are you addressing the root causes of your cloud security threats or just treating the symptoms? The Cloud Security Alliance's Top Threats to Cloud Computing 2024 report illuminates critical security challenges, but many of these threats result from overlooking foundational practices in favor of more complex solutions.

My takeaways:

1️⃣ Misconfiguration and change control - Misconfigurations often signal that organizations advance to complex cloud setups without mastering the basics. For example, the Toyota data breach, where a decade-long exposure was due to human error and inadequate cloud configuration management, highlights the need for robust configuration management and continuous monitoring.

2️⃣ Identity & Access Management (IAM) - IAM issues frequently stem from inconsistent governance. The JumpCloud breach, where attackers exploited over-permissioned accounts and poor separation of duties, underscores the importance of regular policy reviews and strict governance practices.

3️⃣ Insecure interfaces and APIs - Securing APIs is crucial, but the rush to innovate can sometimes overshadow security. The Spoutible (an X alternative) API vulnerability, which exposed user data due to poor security practices, serves as a reminder to embed security into the API development process from the start.

What can you do?

1) Focus on fundamentals: To address misconfigurations, prioritize strong configuration management and continuous monitoring. Look at tools like Prisma Cloud by Palo Alto Networks.

2) Regular governance reviews: Prevent IAM issues by regularly reviewing and adapting policies. Ensure all your applications are part of your IAM strategy, not just those supporting standards like SAML, OIDC, and SCIM. (Cerby can help you with these apps.)

3) Balanced innovation: Integrate security into development processes to avoid compromising security in a rush to innovate (see Secure by Design from the Cybersecurity and Infrastructure Security Agency).
Focusing on the basics and doing them well can mitigate most of the risks in this report. Props to the authors Jon-Michael C. Randall, Alexander S. Getsin, Vic Hargrave, Laura Kenner, Michael Morgenstern, Stephen Pieraldi, and Michael Roza. #Cybersecurity #cloudsecurity #api Cloud Security Alliance
Importance of Proactive Cloud Security
Summary
Proactive cloud security emphasizes anticipating and addressing potential vulnerabilities and breaches in cloud environments before they occur. This approach ensures data protection, builds resilience, and enhances trust in an increasingly interconnected digital landscape.
- Focus on configuration management: Regularly review and strengthen your cloud system configurations to minimize the risk of misconfigurations, which often serve as entry points for attackers.
- Adopt an "assume breach" mindset: Design systems assuming breaches can happen, and prepare incident response strategies to minimize damage and protect sensitive data effectively.
- Prioritize thorough monitoring: Implement comprehensive cloud log management and continuous telemetry to detect anomalies, mitigate threats, and enable better forensic analysis.
Today we all need to assume that there is a breach in our systems, always. The traditional approach to cybersecurity often focuses on preventing breaches. While essential, this reactive stance is no longer sufficient. The reality is that breaches are inevitable, and organizations must adopt a proactive "assume breach" mentality to protect sensitive data.

Why is it important to be proactive?

1. By designing systems with the expectation of a breach, organizations can limit the damage caused by a successful attack.
2. Storing sensitive data in secure vaults, like Piiano's Data Privacy Vault, reduces its exposure and limits the potential impact of a breach.
3. Having a robust incident response plan in place is crucial for containing the damage of a breach.
4. Demonstrating a proactive approach to security can enhance customer trust and loyalty. Definitely, it will reduce costs and business disruptions too.

Our team strongly holds the "assume breach" philosophy by providing tools and strategies to minimize the impact of a data breach by blocking data theft of the crown jewels safeguarded in our vault. By isolating sensitive data and empowering developers to protect information from the outset, Piiano helps organizations build a more resilient security posture. By adopting an "assume breach" mindset and implementing solutions like Piiano, organizations can significantly reduce the risk of data breaches and protect their reputation. Are you looking to implement an "assume breach" approach or discuss how Piiano can support your efforts?
🚨2024 Replay: Manage Cloud Logs for Effective Threat Hunting🚨 The NSA’s Cybersecurity Information Sheet (CSI) highlights the strategic importance of cloud logs for modern threat hunting and cyber defense. As cloud adoption grows, maintaining comprehensive and actionable logs has become necessary for organizations to defend effectively against advanced threats.

Key Takeaways:

🔍 Enhanced Threat Detection: Cloud logs are invaluable for identifying suspicious activities like lateral movement or command-and-control operations. NSA maps these practices to MITRE’s ATT&CK® and D3FEND™ frameworks, emphasizing their importance for proactive defense. (I ❤️ D3FEND!)

🛡️ Tailored Log Management: The CSI notes, "Organizations must find a balance between logging requirements and resource constraints," underscoring the need to prioritize log sources and types based on threats, business needs, and available resources.

🌐 Learn from Real Incidents: Events like the SolarWinds breach demonstrated how attackers exploit gaps in API logging. NSA recommends capturing logs from critical sources, including authentication events, API calls, and short-term resources like virtual machines and containers.

🔒 Protect Log Integrity: Adversaries can manipulate logs to obscure their activities. NSA advises robust protections, including encryption, access controls, and tamper-proof storage, to ensure logs remain reliable for forensic analysis.

🚀 Practical Recommendations: Implementing SIEM and SOAR tools is key to managing vast log data effectively. NSA also highlights strategies like log filtering, aggregation, and retention policies to streamline operations while ensuring comprehensive visibility.

The NSA emphasizes that cloud logs are not just technical artifacts—they are critical to building a secure cloud environment. From active threat hunting to enabling post-incident investigations, these strategies align with Zero Trust principles by ensuring every action is accounted for and traceable.
📅 This post is part of my year-end review of 2024’s most impactful cybersecurity documents. Critical guidance—like this from March—often fades after its initial promotion. Revisiting these documents provides an opportunity to refocus on recommendations that are foundational to enhancing security postures. 💬 Link to the NSA's CSI in the comments. #cloudcomputing #cybersecurity #innovation #zerotrust #threathunting #technology #bigdata #informationsecurity #riskmanagement #computersecurity #cloud #cloudsecurity
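The "Protect Log Integrity" takeaway above, illustrated with an added example that is not from the NSA CSI or the post: a small keyed hash chain over cloud audit events, where each entry's HMAC covers the previous entry's digest, so an intruder who edits, reorders or deletes an interior entry breaks every later link. The key, the event records and the function names are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key; in practice it lives in a KMS/HSM, never beside the log store.
DEMO_KEY = b"demo-log-integrity-key"
GENESIS = "0" * 64

def entry_digest(prev_digest: str, record: dict, key: bytes = DEMO_KEY) -> str:
    """HMAC-SHA256 over the previous digest plus this record's canonical JSON."""
    payload = prev_digest.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def append_entry(chain: list, record: dict, key: bytes = DEMO_KEY) -> list:
    """Append a record, linking it to the digest of the entry before it."""
    prev = chain[-1]["digest"] if chain else GENESIS
    chain.append({"record": record, "digest": entry_digest(prev, record, key)})
    return chain

def verify_chain(chain: list, key: bytes = DEMO_KEY):
    """(True, None) if every link holds, else (False, index of the first bad entry).
    Editing, reordering or deleting an interior entry breaks every later link."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        expected = entry_digest(prev, entry["record"], key)
        if not hmac.compare_digest(entry["digest"], expected):
            return False, i
        prev = entry["digest"]
    return True, None

# Constructed sample cloud audit events (hypothetical, not from any real account).
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T10:00:00Z", "event": "ConsoleLogin", "user": "alice", "result": "Success"},
    {"ts": "2024-03-01T10:05:12Z", "event": "CreateAccessKey", "user": "alice", "result": "Success"},
    {"ts": "2024-03-01T10:07:40Z", "event": "RunInstances", "user": "alice", "result": "Success"},
]

def build_sample_chain() -> list:
    chain = []
    for ev in SAMPLE_EVENTS:
        append_entry(chain, dict(ev))  # copy, so tampering below never alters the sample
    return chain

def tampered_chain() -> list:
    """Intruder rewrites a stored entry to hide the access-key creation."""
    chain = build_sample_chain()
    chain[1]["record"]["event"] = "DescribeInstances"
    return chain

def truncated_chain() -> list:
    """Intruder deletes the incriminating entry outright."""
    chain = build_sample_chain()
    del chain[1]
    return chain
```

Deleting the newest entries is only caught if the latest digest is also anchored outside the log store (for example, exported on a schedule to a separately controlled location); the chain itself catches edits, reordering and interior deletions.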
Are your SaaS applications secure? That’s not the real question. Every organization relies on SaaS, but not all manage the risks effectively. Every new vendor, integration, and permission expands the attack surface. Unmonitored applications, excessive privileges, and misconfigured settings expose critical data to threats.

The real question is👇 Are you securing your SaaS supply chain effectively? Proactive security measures prevent breaches, compliance failures, and operational disruptions. Ignoring them? That’s where the real risk lies. Instead of assuming security, start validating it.

Ask yourself:

1. Are vendors properly vetted for security and compliance?
2. Do you have real-time visibility into unauthorized applications?
3. Are integrations monitored for excessive permissions?
4. Can you detect and respond to threats before they escalate?

Reco provides AI-driven SaaS security that continuously discovers shadow SaaS, maps integrations, enforces least privilege access, and detects threats in real time. Instead of chasing vulnerabilities, gain full visibility and control over your SaaS ecosystem - without slowing down business operations.
I've been studying the work of John Benninghoff lately, particularly his insight that security performance is strongly correlated with general technology performance. This resonates deeply and aligns with my beliefs: Just like focusing on security brings compliance by default… Focusing on great engineering and SRE practices brings security by default.

And this isn’t just a belief—it’s backed by data. A recent meta-review titled “Evidence-based cybersecurity policy?” by Daniel Woods and Sezaneh Seymour analyzed dozens of studies, including cyber insurance claims. It found the two most effective interventions to reduce breach risk were:

1. Attack surface management (knowing what you have and how it's configured)
2. Patch cadence (how quickly and consistently you update)

These aren't exotic security measures—they're core engineering practices. John’s “three modes of security” model reinforces this, showing how the more embedded security is in everyday engineering, the more resilient and performant the system becomes.

This is exactly why personally I got into security in the first place: to drive high-quality software through principled, proactive practices. I often say, “You must have an SDLC before you can have a Secure SDLC” because proactive security only thrives in a strong engineering culture. I’ll drop links to John's talk, his site, slides, and the paper in the comments. #securityculture #securitychampions #devsecops #sre #cybersecurity #evidencebasedsecurity #proactivesecurity #applicationsecurity #softwaresecurity #proactivesecurity
I have joked that I hear Matt Bromiley say telemetry at least 100 times a day as I am onboarding with LimaCharlie. But it’s for a good reason… Telemetry is a game changer in cybersecurity… staying one step ahead of threats is crucial. It isn’t just about collecting data—it’s about gaining critical insights to keep our systems safe.

Here’s why it matters:

1. Threat Detection: Telemetry helps identify unusual patterns that might signal a security threat, allowing us to act before it’s too late.
2. Incident Response: When a security incident occurs, telemetry provides detailed logs that are essential for understanding the breach and responding effectively.
3. Anomaly Detection: Continuous monitoring through telemetry flags anomalies, giving us early warnings of potential issues.
4. Forensics and Analysis: Post-incident, telemetry data helps trace attackers' steps, understand their methods, and identify compromised systems, strengthening our defenses.
5. Performance Monitoring: It ensures our cybersecurity tools are functioning correctly and efficiently, keeping our defenses robust.
6. Compliance and Reporting: Telemetry ensures we meet regulatory requirements by providing detailed records of security events.
7. Proactive Security: By analyzing telemetry data, we can spot potential vulnerabilities and take proactive measures to fortify our security.

In short, telemetry provides the visibility and insight we need to protect our systems, respond swiftly to incidents, and continuously improve our security measures. And now, I’ve graduated! So you get to hear me talk about it 100 times a day 😉 #cybersecurity #cyber #telemetry #techinsight
Integrating machine learning into cybersecurity is becoming more critical for detecting and mitigating risks. A recent incident where the U.S. seized domains used by an AI-powered Russian bot farm that created fake social media profiles to spread disinformation underscores the escalating threat of AI in cyber warfare. Machine learning algorithms can sift through vast amounts of network traffic data in real time, identifying unusual patterns that might indicate malicious activity. This proactive approach is essential for combating sophisticated cyber threats. For instance at Corelight, we use machine learning to enhance network detection and response, allowing us to pinpoint threats more accurately and reduce false positives. This focus enables security teams to address genuine threats more effectively, enhancing our overall cybersecurity posture. As we navigate these challenges, it's important to discuss how we can further bolster our defenses and stay ahead of these evolving threats. https://lnkd.in/gTxtTk9v
I’m worried we’ve trained #SOC teams to celebrate volume — alerts, tickets, escalations. Here’s why that’s a risky and expensive problem: When you measure by alert volume, you’re learning how loud your system is — not how safe your company is.

This alert-first mindset creates a culture where:

- Alert noise is mistaken for progress
- Analysts chase symptoms instead of root causes
- Teams burn out while real threats slip through

#Breaches, costly upkeep, and massive tech stacks follow. When I hear a team talk in terms of alerts, my response is always the same: Show me what you’re preventing — not just what you’re catching.

With a proactive mindset, you shift to:

- Prioritizing high-risk signals over false positives
- Responding based on business impact, not alert count
- Gaining visibility across the entire attack surface

Netenrich, Inc. helps enterprise security teams move from alert fatigue to actionable insights, reducing mean time to detection (MTTD) by 60%. My challenge to CISOs: Let’s stop reporting security effectiveness in terms of volume and start measuring how well you’re staying ahead of the threat through #efficacy. It’s not about more alerts; it’s about catching the right ones. #CyberResilience #SecOps Google Cloud Partners Google Cloud Security
I think you probably already know this, but it is worth repeating over and over: Investing in security is a must. In today’s rapidly evolving threat landscape, standing still in security means falling behind. If we are not constantly investing in and maturing our security programs, we leave ourselves vulnerable—not just to breaches, but to losing the trust of our customers and stakeholders.

Last year at Domo, we took significant steps to enhance our security posture, particularly around detection and response capabilities. We did this because you cannot protect what you do not see. In a cloud-native environment where architectures are increasingly API-based, microservices-driven and serverless, visibility is everything. Threat actors are stealthier than ever, using the ephemeral nature of modern systems to hide and strike when least expected.

This is how we approached our security strategy:

1. Prevention: Stopping data breaches and compromises before they happen.
2. Detection: Building robust visibility to identify threats early, even in dynamic, ever-changing environments.
3. Resilience: Preparing for the inevitable and ensuring we can recover quickly with minimal impact.

Domo focused heavily on logging enhancements to improve forensic capabilities and incident response. Now, our focus has shifted to resilience. This mindset ensures we are ready to contain and mitigate any incident, preserving trust and continuity. Companies that prioritize security send a clear message to customers: We value your trust, your data—and your business. It’s a differentiator that builds confidence and ensures long-term success.

For security leaders, the takeaway is clear: Keep moving forward. Stay proactive and adaptable. Never, ever, ever get comfortable. The threats will keep evolving. So must we. #ciso #infosec #detection #response #resilience
Microsoft recently admitted it let engineers in China help maintain its cloud systems for the U.S. Defense Department. Why this is important to know: even though American staff oversaw the work, those “digital escorts” often lacked the skill to spot malicious commands. That gap could make secret military data an easy target for cyberattacks. When a mistake like this happens, it shows how a single weak link in a cloud setup can put our national security at risk. The way this system worked was simple but dangerous. Microsoft hired U.S.-cleared workers to act as messengers for overseas experts. An engineer abroad would send instructions, and the escort would copy and paste them into the Pentagon’s cloud. On paper, U.S. personnel held the keys. In reality, they sometimes couldn’t tell if the code was safe. Lawmakers and the Defense Secretary quickly raised alarms. They demanded stronger rules to keep foreign nationals out of the most sensitive systems. After a ProPublica report exposed the issue, Microsoft said it has stopped using China-based engineers for Defense Department support and expanded its “Lockbox” review process. The company also promises more training and stricter checks on any team working with federal data. This change is a step forward, but it reminds us all how vital it is to watch every part of a cloud network. Staying alert and updating security rules can help prevent the next data breach. #Cybersecurity #CloudSecurity #DataPrivacy #ChangeYourPassword Follow me for regular updates on tech security insights.