Cloud Security

The world has changed!

The cloud has changed network perimeters, bringing new opportunities but also new threats. The traditional methods employed by IT security personnel are no longer sufficient. This means the way business owners work MUST change. A new paradigm is needed, one which assumes breach. Business owners must operate on a zero trust model. Do not assume that your resources are safe just because they are in a cloud provider’s data center. Cloud security cannot be abdicated; it is a shared responsibility of your company and your cloud provider.

In a nutshell, security personnel must Protect, Detect and Respond.

  • Protect – Improve posture. Improve access and network controls.

  • Detect – Leverage AI.

  • Respond – Plan, plan and plan.

In the next sections we’ll unpack these three areas.

Protect.

Some things are in your company’s control. Security personnel must best protect their assets. Given that identity has become the new perimeter, improving access controls is a form of protection that must be revised.

  • Consider multi-factor authentication for access to company resources.
  • Move to biometric-based access.
  • Move to conditional access to resources, where just-in-time principles and least-privilege access are adopted.
  • Move to role-based access.

Another aspect that is in your control and that can help you protect your assets is improving your company’s security posture.

  • At minimum, be aware at all times of the inventory you control. Find a solution that can report the status of your assets in real time, then eradicate any known threats based on that status.
  • Security is most vulnerable when new changes are implemented, so be proactive and work closely with the DevOps team before changes are installed.
  • Identify security shortcomings in the systems development life cycle. Look for erroneous sharing of secrets and keys.
  • Try to use proven templates when deploying assets.
  • Encrypt data where appropriate.
  • Find a tool that can help rate your posture against regulatory or best-practice frameworks such as PCI or ISO 27001, then act on the recommendations of those tools. These assessments or ratings can be useful to share with the company’s auditors.

Another area to improve when protecting your company’s assets is the network.

  • At minimum, employ firewall services which include web application filters.
  • Do not design a flat network; rather, create a micro-segmented network.
  • Lock down open IPs and ports using just-in-time principles.
  • Install endpoint protection on all devices.
  • DLP policies must be reviewed.

Detect.

By choosing products and tools wisely while protecting the company’s assets, detection can become easier. Some things that can be done are:

  • Today, one must leverage AI. Hackers do, so you must too. The amount of information to process is too much for any human or even a team of humans. Use AI.
  • Choose an endpoint protection tool and an event management tool (SIEM) that integrate with an AI tool, in the cloud or on-prem, that can analyse better than any human can, to discover pattern anomalies. The anomalies can alert security personnel to any funny business that may be happening.

Respond.

Responding to threats must be treated case by case, but if you have protected your assets and made sure that detection is working optimally, a response could be something as simple as remotely wiping a device or shutting down a segment of the network.

  • Consider creating scenario plans to help evaluate the risk and appropriate responses to those scenarios.
  • Share these plans in an IT-jargon-free way with senior management.
  • Create communication plans based on these scenarios. Inform senior management sooner rather than later.
  • Don’t panic.
  • Implement your response plans.

In summary, these are a few technology-agnostic best-practice approaches your security personnel can follow.

If there is one thing you can take away:

Protect, Detect and Respond.
