“There are four key steps to create a holistic view of any security program - 1) create a team and assess the risks, 2) develop processes, 3) analyze contract portfolios and 4) develop risk management programs.”

“Security leaders should first assess their own teams, then the contracts and finally move to understanding what is required in the cloud environment to manage risks.”

“Understand what the cloud delivery model entails and what are the different types of risks that it can lead to.”

“SLAs and contracts are one of the most preferred risk mitigation strategies.”

“In any cloud contract there are three important points to consider - 1) definition of security, 2) security clauses and 3) actual terms of the contract.”

“Most tier 1 cloud providers come up with their own clauses,so understanding the maturity of cloud providers is critical.”

“Monitor and manage vendor risks by looking at a vendor’s financial, operational, and compliance data and if there is a change, you can adjust your contract.

“Currently there are three types of endpoint attacks that attackers are using  1) ransomware, 2) LOLBin attacks and 3) credential compromise.”

“The majority of recent cyber attacks have some kind of malware tied to them.”

“Unified endpoint management (UEM) are not security tools, they can be used to only manage your endpoint devices.”

“UEM is the future of endpoint management. In the long term, UEM will be a single point of control for configurations and updates.”

“Ransomware protection is critical for both traditional endpoints and mobile endpoints.”

“Don’t assume that because you have a secure email gateway your mobile device is completely secure.”

“Security vendors continue to innovate how they can provide maximum protection to the data that they host on a daily basis.”

“The new world reality is cyber-physical, as people, assets and technology increasingly combine due to macro trends driven by demographics, economics or geopolitics.”

“The next two decades will continue to merge the real and digital world.”

“Evolution of CPS is uneven.” 

“CPS is emerging in all kinds of industries, in all kinds of use cases - they can be called greenfield CPS. This includes precision agriculture, autonomous vehicles or personalized medicine.”

“CPS are foundational to digital societies. It will be increasingly true in the future.”

“CPS challenges traditional security concepts. Unlike IT systems where data is at the center, it is not the same for CPS as they capture real life information.”

“Privacy, safety and reliability, and in some instances survivability, are unique aspects of CPS that need to be considered.”

“Attacks on CPS can become existential threats. This is because CPS lives where your business value is created. They hold the most important information such as IPs, proprietary information, etc.”

“CPS exponentially extends the risk envelope.”