“Knowing is half the battle…”

I’ll admit, I was a big GI Joe fan growing up, and I always loved the little tips at the end for kids.  And while “knowing is half the battle” felt a little trite to me (if only life were that easy), it is generally where any solution starts—cloud security included.

Hopefully you’ve already read Part I of my two-book series on How to CISO in the Cloud. In How to CISO in the Cloud, I break down my thoughts on how to tackle the feat of building a cloud security plan that works for your specific organization. For a lot of folks in our career, we didn’t learn how to do our jobs with cloud in the picture. We may have learned in an entirely different industry, and that’s the first takeaway you’ll find in Part I:

1. Know Your Company

What might have worked as a strategy for you in your last job might not be the right strategy for you in this job, so you have to understand the nuances of how your company does business. Nothing will derail a security initiative faster than trying to stand athwart the main driver of your revenue screaming “STOP!” In Part I of my guide, I break down key aspects of what it takes to understand your organization from the inside out, as well as the key players who help you along the way.

Once you understand your business, you need to understand the technology environment you have. As you look at your environment, you need to:

2. Know Your Risks

“Risks” is sometimes an overloaded term. In this case, I mean “look at the common hazardous elements in your environment, and how an adversary can chain those hazards together into attack paths that result in unpleasant scenarios for you.” In the eBook, I walk through a few common attack paths at a high level, and that can get you thinking about which risks you want to tackle first, second, third, and so on.

If you’re an Orca customer, we’ll auto-generate attack paths for you as we find linked hazards in your environment, so you can see the way attackers will move in your environment (or, “would have” moved, before you fix those hazards!).
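As an added illustration (not code from the eBook or from Orca's product), here is a toy version of the attack-path idea in Python: a constructed inventory of cloud assets and the hazards that link them, enumerating every path from the internet to a sensitive asset and ranking which hazard fix breaks the most paths. All asset and hazard names are invented for the example.

```python
"""Toy attack-path analysis over a constructed cloud inventory.

Assets are nodes. A directed edge means "someone holding asset A can
reach asset B" because of a hazard (a misconfiguration) on that hop.
Fixing the hazard removes the edge, and with it every path through it.
"""
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample inventory: (source, target, hazard enabling the hop).
EDGES: List[Tuple[str, str, str]] = [
    ("internet", "web-vm", "public-ip-and-unpatched-cve"),
    ("web-vm", "app-role", "instance-role-reachable-from-vm"),
    ("app-role", "customer-db", "overly-permissive-iam-policy"),
    ("app-role", "backup-bucket", "overly-permissive-iam-policy"),
    ("internet", "backup-bucket", "bucket-public-read"),
    ("web-vm", "bastion", "shared-ssh-key"),
    ("bastion", "customer-db", "db-security-group-open-to-bastion"),
]
SENSITIVE = {"customer-db", "backup-bucket"}  # the "unpleasant scenario" endpoints


def build_graph(edges: List[Tuple[str, str, str]]) -> Dict[str, List[Tuple[str, str]]]:
    """Adjacency list: node -> [(next_node, hazard_on_that_hop)]."""
    graph: Dict[str, List[Tuple[str, str]]] = {}
    for src, dst, hazard in edges:
        graph.setdefault(src, []).append((dst, hazard))
    return graph


def attack_paths(edges, start: str = "internet", targets=SENSITIVE) -> List[List[str]]:
    """Depth-first enumeration of simple paths; each path is its list of hazards."""
    graph = build_graph(edges)
    paths: List[List[str]] = []

    def walk(node: str, visited: set, hazards: List[str]) -> None:
        if node in targets:
            paths.append(list(hazards))  # reached sensitive data; record the chain
            return
        for nxt, hazard in graph.get(node, []):
            if nxt not in visited:  # avoid cycles
                walk(nxt, visited | {nxt}, hazards + [hazard])

    walk(start, {start}, [])
    return paths


def rank_hazards(paths: List[List[str]]) -> List[Tuple[str, int]]:
    """Hazards that sit on the most attack paths are the best first fixes."""
    return Counter(h for p in paths for h in set(p)).most_common()
```

Running `rank_hazards(attack_paths(EDGES))` on the sample puts the exposed, unpatched VM first because three of the four paths run through it, which is the "first, second, third" ordering the eBook asks you to think about.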

Keep Things Simple with Your Cloud Security Plan

That’s it. Those are two key takeaways from Part I of the eBook. Whether you’ve been a CISO for a decade or it’s the first time in your career, I’m sure that fine-tuning an existing security plan or needing to craft one from scratch is consistently top of mind. I encourage you to read the guides, where I provide more in-depth information and examples you can use as templates for your own understanding.

Short on time? Join me in my webinar “Uncovering Hidden Risks in Your Cloud Environment,” where I’ll explain in more depth what’s in this blog post and Part I.
