Last week, Obsidian joined forces with Capsule8 and Signal Sciences to host the second annual Cloud Native Security Summit, an invite-only event for senior security and IT leaders in San Francisco. The closed-door summit brought together over a hundred attendees, including execs from large financial companies, hyper-growth tech, and government agencies.
Having done my time at tradeshows and big conferences, I prefer smaller events where security professionals can get together about specific topics that are at the top of their minds. That was the idea behind the Cloud Native Security Summit, where challenges and considerations around securing cloud environments and cloud-native applications took center stage.
Here are a few of my top takeaways from the event:
1. Even as organizations double down on cloud adoption, security is a top concern. Organizations have gotten comfortable with moving their business workloads and processes to the cloud. There is organizational know-how around using cloud-native technologies and architectural models to make full use of the cloud. The massive growth of SaaS, containers, serverless and DevOps practices is testament to that. Even in this cloud-first era, confidence in the organization’s ability to secure cloud workloads is lagging.
2. According to ESG’s research, 90% of security teams worry about not having visibility into privileged accounts, misconfigured cloud services, server workloads, or network security. 83% also report concern about the misuse of privileged accounts by insiders.
3. Even if you put your data and workloads in someone else’s system (as with SaaS or IaaS), you are still responsible and accountable for the protection of information. The shared responsibility model is straightforward to understand, but security teams are still figuring out how to adapt their security tools, processes and methodologies in a world where their data is sitting on systems they don’t own, and their users are accessing this data using devices the org may not be able to control.
4. Detecting threats in the cloud remains a challenge, and organizations haven’t figured out how to run detection and response in systems they don’t own. Threat detection has relied on having a consolidated view of systems, users, privileges and activity across the entire footprint. In the cloud, this data is fragmented and siloed in the various SaaS apps and cloud platforms. Security teams have to learn the permissions models and data formats for each of the services they are protecting, and figure out how they can get the data they need to run detections. This is no easy task.
5. The unknown unknowns keep security leaders up at night. The line between insiders and outsiders is getting blurred, and the secure network perimeter is eroding. Not every person who accesses the company’s data is a full-time badged employee. A significant number of data breaches and security failures in the cloud over the past 18 months were caused by business partners and contractors.
Cloud security is a dynamic space where new threats are being discovered every day and security teams are still figuring out their playbooks. But one thing is clear – there’s no putting the genie of cloud adoption back in the bottle. We need to work together to level up security in the cloud.