What processes do you rely on to address risks from rogue cloud tenants that the security team doesn’t have visibility of?

Threat Intelligence & Incident ResponseThreat & Vulnerability Management
1.9k viewscircle icon2 Comments
Sort by:
Director of Information Security in Finance (non-banking)4 months ago

I do not agree to @Adel Awad, it's not the Security that has to have the right to create new infrastructure in the cloud, but there has to be one dedicated and responsible team for the environment.
Architects build systems and services
Infrastructure team build templates for the container or cloud services
Security approves that
DevTeams just use templates and are not allowed to define their own infrastructure
CI/CD is an automated one-way street to PROD and the only way into it.
No interaktive service in PROD, if there is an error in PROD, fix it in DEV and start CI/CD

CIO in Banking4 months ago

You need to lockdown your cloud environment so that only the cybersecurity team is allowed to create an environment under your domain ownership, you also need to monitor the attack surface , such as storage buckets exposed to the outside world , lack of conditional access , etc… there are solutions that helps you monitor cloud security (Cloud Security Posture Monitoring)

Lightbulb on1

Content you might like

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

Does your organization have a strategy to address disinformation risks?

Yes44%

Not yet – we’re working on it39%

No17%

Unsure

View Results

How are you diversifying threat intelligence sources? Have you been able to reduce reliance on CISA for TI?

Do you accept payments in crypto currency?

Yes, we do today.10%

No, but we plan to in the next 6 months.34%

No, but we plan to further in the future.10%

No, and we have no plans to.44%

View Results

What’s your organization doing to protect against risks related to disinformation? How are you approaching this & which business unit leaders are currently involved?