At Black Hat 2019 in Las Vegas, Enterprise Times talked with Sergio Caltagirone, Vice President, Threat Intelligence at Dragos, and John Yeoh, Vice President of Research at the Cloud Security Alliance. With the skills shortage hurting many small to medium businesses (SMBs), cloud is being seen, by some sectors, as a panacea to the problem.
Unfortunately, many SMBs struggle to know where to start. There is a tendency to just throw their systems into the cloud and assume that responsibility and protection are now someone else’s problem. So where should they begin? Yeoh says that there are lots of places to start. The CSA provides a lot of guidance to help companies create a security baseline and understand where responsibility lies.
With the experience of supporting over a billion cloud users at Microsoft, Caltagirone takes a slightly different approach. He says that there are technologies that people shouldn’t run themselves, such as Active Directory and Exchange. Using hosted versions where the cloud provider can bring expertise to bear makes sense. The challenge is the nuance of other services and how far you want to go with putting things into the cloud.
Just throwing systems into the cloud is not a solution. Yeoh talked about the need for the right baseline requirements and controls if you are to get the most from the cloud. Caltagirone sees some companies getting significant return on investment from going to the cloud. These are typically those that are geographically dispersed with very large asset pools. He called out oil and gas, manufacturing and aerospace as examples.
This raises the question of whether cloud security service providers should employ specialist staff. Do they need engineers who understand IoT in addition to their other cyber security and IT staff?
To hear more of what Yeoh and Caltagirone had to say, listen to the podcast.
Where can I get it?
obtain it for Android devices from play.google.com/music/podcasts
use the Enterprise Times page on Stitcher
listen to the Enterprise Times channel on Soundcloud
listen to the podcast (below) or download the podcast to your local device and then listen there