Businesses need cloud security architecture in 2023 more than ever to reduce their risk exposure while using the cloud for storing essential data
This is an exclusive interview conducted by the Editor Team of CIO News with Praveen Singh, Co-Founder & Chief Information Security Advisor at CyberPWN Technologies.
Praveen Singh, Co-Founder and Chief Information Security Advisor at CyberPWN Technologies Pvt Ltd, Global 40 Under 40 in Cybersecurity 2023, Cybersecurity Influencer, and Blogger, is internationally recognised for his passion for technology, cybersecurity research, and building the global cybersecurity community.
Praveen offers advisory and mentoring services for upcoming CISOs while running many CISO communities across India.
The journey to the cloud is even more important for businesses today as we face the unprecedented operational impacts of the COVID-19 pandemic; I believe cloud adoption will accelerate further in 2023. Because of cloud adoption, businesses will need cloud security architecture in 2023 more than ever to reduce their exposure to risk while using the cloud to store essential data. Establishing trusted environments should be a business priority in order to ensure the confidentiality, integrity, and availability of cloud platforms.
Chief Information Security Officers (CISOs) have a key role to play in safeguarding the data increasingly stored in the cloud and mitigating cybersecurity threats, while also ensuring compliance with IT regulations, standards, and policies.
Here I have listed cloud security best practices for CISOs in 2023.
- CISOs need to determine which cloud standards to enforce. There are proven industry standards they can embrace, like the Center for Internet Security (CIS) Benchmarks (for AWS, Azure, and GCP), NIST SP 800-207, ISO/IEC 27001, ISO-27017, ISO-27018, GDPR, SOC 2 Audit, PCI-DSS, etc.
- CISOs should appoint a cloud security officer in charge of a team with technical knowledge of cloud security.
- Training teams on cloud security best practices and enabling easy access to updated security documentation can empower employees to more easily spot security issues and act with caution when in doubt.
- Implementing a cloud security framework.
- Creating policies to monitor security and compliance.
- Periodic cloud security audits, continuous cloud security risk assessment, and penetration testing.
- Cloud security governance and contingency planning.
- Monitoring and Logging: Vulnerability and Attack Management; Traffic Monitoring; Log Management; Analysis; and Mitigation Strategies.
- User identity and access management with a zero-trust model (MFA, SSO, conditional access, access control, etc.)
- Data security (encryption in transit or at rest and key management) and CASB/DLP (data classification and control, data backup and restore, and data loss prevention)
- Network Security: Rules and Configurations, Firewalls, Security Group Specifications
- Monitoring and logging with user behaviour analytics (threat detection, continuous monitoring and alerts, incident response, etc.)
- Hardware and Software Security: Physical security, scans, audits, patches, server hardening, configuration hardening, logical segmentation, etc.
- Cloud Application Security: WAF, Bot Management, API Security, DDoS Services, etc.
- Adoption of security practices at every stage of software development (SAST, DAST, RASP, IAST, SCA, pen-testing).
- CISOs should implement cloud security based on cloud services (i.e., IaaS, PaaS, SaaS), CSPM, CWPP, CASB, CIEM, SSPM, etc.
If one thing is clear from the above list of best practices, it’s that strong cloud security relies on having the right tools in place. By following cloud security best practices and implementing the appropriate security tools, CISOs can minimise risks and take full advantage of the benefits cloud computing offers.