Jason Sheffield, Sr. Sales Engineer at Netskope, made several great points about how enterprises can implement cloud security. Some highlights included:
- Data flows like water!
- Data exposure from misconfigured settings that does not constitute a breach.
- Is that cloud application your enterprise is thinking about using really enterprise ready?
- Think about shadow IT:
  - Who’s buying it?
  - What is the risk exposure?
  - From a compliance perspective, how does shadow IT impact audits and compliance?
He suggested three quick wins for Enterprise IT:
- Set DLP policies for downloading sensitive data from the cloud; make sure you scrub test data, and don’t worry about nonsensitive data.
- Assess the security of your IaaS environment continuously.
- Consider using the same security policies against all your cloud data.
He told us about a great resource to check out: Adrian Grigorof’s article on Peerlyst, “Mapping of On-Premises Security Controls vs Major Cloud Providers,” Version 3.2, Feb 2019.
Thank you, Jason, for a very informative meeting! If you’re an ISSA member, his slides are available here: https://www.issa.org/global_engine/download.aspx?fileid=8ED909AC-BCE6-4DB0-A67B-32DC463DA918&ext=pptx