In 2012, the Cloud Security Alliance (CSA) produced a survey which helped to articulate the most pressing issues in the cloud computing space. The group released the Notorious Nine report, which followed critical threats to cloud security, from data breaches and loss, to account hijacking and denial of service, to malicious insiders and nefarious use.
The Notorious Nine later expanded to become the Treacherous 12, but for many organisations, a whole decade on, the issues still pervade. Take two very recent reports as an example. A study from Osterman Research, on behalf of Ermetic, found 84% of the more than 300 organisations polled were only at an entry level with their cloud security capabilities.
Meanwhile, a report from ClearDATA argued that healthcare providers ‘may be overconfident in their cloud maturity and cybersecurity preparedness.’ The report argued this because of a ‘significant disparity’ between how C-level executives and other levels of management characterised their cloud maturity.
It is of course worth pointing out that Ermetic, as a cloud infrastructure security platform provider, and ClearDATA, as a managed cloud and defence provider for the healthcare industry, have an interest in the way these results are reported. That said, 56% of respondents in the ClearDATA survey said they saw cybersecurity as their biggest barrier to cloud adoption – so security will continue to remain everyone’s responsibility.
The Cyber Security & Cloud Expo Europe, being held at RAI, Amsterdam on September 10-11, will showcase myriad examples of how innovative organisations are architecting their security stacks, with areas such as Zero Trust, DevSecOps and deepfakes top of the agenda:
- Prashant Agarwal, Booking.com, will review cloud vulnerabilities in 2022 and explore the key concern of data security amid increasing adoption
- Rene Pluis, global cyber security remediation manager at Philips, will look at cyber security and cloud in healthcare
- Raviv Raz, cyber and AI innovation tech lead at ING, will look at whether AI will help save the security staffing shortage or lead to a dark future
Ermetic are also participating at the Europe event. Tafi Makamure, senior solution engineer at Ermetic, will run through the company’s lightweight, easy-to-understand framework that helps organisations build, and design a cloud security strategy.
Meanwhile, at the Cyber Security & Cloud Expo North America, being held at Santa Clara on October 5-6, there are interesting sessions which focus squarely on industry examples and use cases. Srinivasan R, senior manager cyber technical and Kavitha Venkataswamy, director digital product security at Capital One will present third-party software supply chain attacks and defences on web and mobile applications, and how threat modelling can help identify supply chain threats. Elsewhere, a panel session will explore countering hybrid threats in the global supply chain, and the legal implications of using AI as a countermeasure.
Another important area which will be explored at the events is with regard to the convergence of technologies. Blockchain, AI, IoT – it all needs to be secured. At Santa Clara in October, Darktrace will explore the perils and promise of AI in cybersecurity, while Aviatrix will look at how DevSecOps can dramatically accelerate app development cycles.
Cyber Security & Cloud Expo – 20-21 September 2022 at RAI, Amsterdam. Book your tickets here
Cyber Security & Cloud Expo – 5-6 October 2022 at Santa Clara Convention Center, California. Book your tickets here