On the latest episode of IoT Unplugged, Bernard Montel, EMEA Technical Director and Security Strategist at Tenable, discussed the key findings and implications of Tenable’s recently published Cloud security report.
The conversation focused on Cloud security, with Montel providing a brief history of the evolution of the Cloud. “We need to understand the evolution of the Cloud,” Montel explained. “Organisations went from on-premise (on-prem) deployment a long time ago towards the Cloud. When we look at that today, we need to think about a hybrid approach for the organisations that still have on-prem technologies.”
This hybrid approach introduces new security challenges, particularly because the traditional network perimeters no longer apply in cloud environments. Identity management, therefore, becomes a critical security control, as it is often the first line of defence in the cloud.
The report’s findings were particularly concerning, as Montel revealed that 95% of the 600 surveyed organisations had experienced a Cloud-related security breach. In the UK, 93% of respondents admitted that some of their sensitive data had been exposed in such breaches, with 55% acknowledging that these breaches had a significant impact on their business operations. Montel highlighted that this high incidence of breaches is indicative of the widespread security challenges that organisations face as they transition to the Cloud.
A big part of the episode focused on the skills gap in Cloud security. Montel pointed out that the rapid pace of Cloud adoption often leads to security being an afterthought, with developers and IT teams prioritising speed to market over robust security practices.
He mentioned that while some organisations follow best practices and frameworks like those provided by the Cloud Security Alliance, many others lack the necessary expertise and maturity to secure their cloud environments effectively. This lack of expertise is further exacerbated by the need to manage multi-cloud environments, which require familiarity with different platforms such as AWS, Microsoft Azure, and Google Cloud Platform.
To address these challenges, Montel suggested that organisations should invest in training and upskilling their teams in Cloud security. He also advocated for the use of artificial intelligence (AI) to help security professionals better understand and manage risks. AI can assist in identifying vulnerabilities, misconfigurations, and potential attack paths, providing contextual information that helps practitioners prioritise and address the most critical issues. However, Montel stressed that AI should complement human decision-making, rather than replace it, as the complexity of Cloud environments still requires human judgement and expertise.
To listen to Tenable’s findings from their Cloud security report, tune into the full podcast episode available on Spotify, Apple Podcasts, and at the link below.
Establishing priorities for Cloud security – IoT Unplugged
If the idea of appearing on the podcast to talk about IoT inspires you, feel free to reach out to us and pitch a topic you want to talk about and help us unplug the potential of IoT and explore the limitless opportunities it presents.