Intelligent CIO North America Issue 51 | Page 40

FEATURE : CLOUD SECURITY
Q & A with Jon Murchison , CEO and Founder , Blackpoint Cyber .

Doesn ’ t the cloud provider worry about my protection ? It is their cloud and not ours . w

What aspects of cloud infrastructure and services might make an organization vulnerable ?
As in on-premises environments , every layer of the cloud stack can introduce potential risks . From the foundational cloud infrastructure , such as Kubernetes clusters , to the virtual machines like EC2 instances and the Docker containers running on those instances – each component requires thorough assessment . Additionally , cloud applications and the user access profiles tied to them can pose significant vulnerabilities .
Assessing cloud security means evaluating each layer individually and in relation to the entire stack . Modern security tools are evolving to provide comprehensive visibility , assessing risks holistically across the stack and considering the context of these resources to deliver a more accurate understanding of overall security exposure and act accordingly to safeguard .
Cloud providers prioritize securing their infrastructure but operate under a shared responsibility model . This means both the provider and the customer have distinct security obligations . The cloud provider is responsible for securing the foundational infrastructure , such as physical data centers , servers and the network . However , customers are responsible for securing their own assets within that environment – this includes managing data , applications , configurations , identity and access controls , monitoring for threats and ensuring security patches are applied .
In other words , while the provider safeguards the cloud , customers are accountable for securing what they put into the cloud .
Aren ’ t the default security settings provided by the cloud providers enough to protect against cyber threats ?
Relying on default settings can leave you exposed to a variety of threats , because they might not address the unique intricacies of your environment . While default configurations offer basic protection , they are not designed to defend against sophisticated and evolving threats . To strengthen your security posture , it ' s crucial to go beyond these defaults by customizing access controls , implementing detailed security

Brace for Impact : As cyber threats shift to the cloud , is your protection ready ?

40 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com