Mitigating Cybersecurity Risks in the Cloud

The following industry experts provide insights on ways to mitigate risk and improve the security posture of the cloud environment in the session: “Mitigating Cybersecurity Risks in the Cloud.” The session was a part of the Cybersecurity Midwest Summit 2022, hosted by CDO Magazine and ComSpark.

  • Steve Searles, CTO, Liberty Center One
  • Terin Williams, Cybersecurity Advisor, DHS CISA (Department of Homeland Security - Cybersecurity & Infrastructure Security Agency)
  • Rob Michel, Director, Cloud Security, Lenovo 

Jason Huebner, Zimcom VP and General Manager, moderates the session.

Michel stresses the importance of taking responsibility for and maintaining security when moving to the cloud. He suggests organizations implement firewalls, harden devices, adhere to CIA policies, monitor operations, and conduct threat modeling.

Continuing, Williams suggests using multifactor authentication for cloud computing and recommends ‘Cloud Exploit’ as an open-source tool to gain better insight into Identity and Access Management (IAM).

Searles highlights the development of an automated auditing procedure that sends emails from vendors, informing users of active accounts in the system. He advises users to pay attention to these emails and delete any account that could be used as an attack vector.

Regarding key management, Michel suggests organizations change passwords regularly, use multifactor authentication (MFA), and secure and rotate access keys to avoid code leakage.

Additionally, Williams recommends encrypting data at rest and in transit and setting up separate logins for security and troubleshooting. She states that incident response is more dynamic in the cloud than on-prem and points out the need for communication between the company and the cloud service provider. 

According to Michel, organizations must comprehend the reason behind cloud migration and list requirements before picking a tool. He also urges organizations to be cautious of commercial devices that promise a “silver bullet” solution.

Williams says planning and incorporating security from the beginning is essential for effective cloud platform usage. As part of Michel's cybersecurity awareness campaign, organizations can use existing corporate communication channels, such as newsletters, to conduct tabletop exercises and raise cybersecurity awareness. 

Williams suggests demonstrating the threats and their impact, utilizing storyboards to show how users’ actions could lead to something detrimental. She advocates educating users on phishing but not overdoing it because too many phishing exercises can cause users to become apathetic.

In conclusion, Searles addresses the need for cybersecurity training but urges organizations to keep it simple and concise to avoid fatiguing employees.
