Identity Security Best Practices
Session
Thursday, November 16, 2023 14:30—15:30
Location: Satelit
Log in to download presentations
Thursday, November 16, 2023 14:30—15:30
Location: Satelit
Watch the video
The realm of cloud security has been extensively covered in books and articles, yet a crucial aspect remains ripe for exploration. It revolves around the fundamental understanding of what your cloud service provider offers and, equally vital, where your responsibilities lie in the realm of cloud security.
When embarking on the journey of adopting a cloud service, the foremost question to answer is, "What aspects of security do I need to oversee?" In a traditional on-premises setting, roles are distinct: IT manages infrastructure, information and cybersecurity handles security, and application developers bear the responsibility for code integrity. However, the landscape is evolving, with many organizations embracing DevOps, where these responsibilities are often shared, and the lines between development and operations blur or vanish.
Regardless of organizational structure, the majority of security obligations reside within your company's domain when you use an on-prem environment. Transitioning from an on-premises environment to a cloud environment presents one of the most intricate challenges—a more intricate shared responsibility model for security.
In the context of cloud security, two paramount concerns need close attention.
The first is the risk of misconfiguration. In a cloud environment, misconfigurations can inadvertently expose sensitive data and vulnerabilities, underscoring the critical importance of ensuring that cloud services and resources are set up correctly to mitigate such risks.
The second concern is insider attacks. Cloud users often lack influence over the staff of cloud service providers, making it essential to consider the possibility of insider threats. While cloud service providers typically promise robust security measures in place, it's crucial for organizations to implement their own layers of security to safeguard against insider attacks and unauthorized access, fortifying the shared responsibility model in the cloud.
In my presentation, I will delve into these intricacies, providing valuable insights and real-world examples of what your cloud service provider can do, irrespective of your specific needs and/or preferences.
Watch the video
In today's dynamic cybersecurity landscape, safeguarding sensitive data and infrastructure from insider threats, while effectively monitoring supply chain and third-party users, is paramount. This presentation delves into the critical intersection of Insider Threat Management and NIS2 compliance, anchored in a detailed case study of a company subject to NIS2 regulations. We will explore a diverse toolkit and industry best practices tailored not only for achieving compliance, but also for streamlining cybersecurity processes through robust technical controls. Attendees will gain invaluable insights into seamlessly integrating cutting-edge tools and proven methodologies, ensuring unwavering compliance with NIS2 regulations while fortifying your security posture.