#cloudchat Recap: Improving Cybersecurity Resilience
During the month of October, #cloudchat has focused on all things cybersecurity in honor of National Cybersecurity Month. This week, we teamed up with an army of experts to identify the best ways to improve cybersecurity posture and operational resilience.
Our security pros agreed on the value of distributing internal security talent and the importance of a proactive approach, but there was a healthy debate about the usefulness of “war games”. Let’s dive into this week’s discussion!
Miss a #cloudchat? We have all the #cloudchat recaps here on the blog!
We were joined by Director of Strategy for Rackspace Managed Security Jarret Raim and Rackspace Managed Security Director of Operations Daniel Clayton. They teamed up with other #cloudchat experts in the industry, including Red Hat’s Thomas Cameron, Cloud Tech Partner’s Ed Featherston, Cybric’s mike d. kail, App River’s Jim Nitterauer and Cybersecurity Management Consultant Ricardo Diaz. The group debated the following questions:
- Q1: How can businesses move from a reactive #cybersecurity approach to a proactive one to better identify and remediate threats?
- Q2: How useful are “war games” (i.e., staging mock cyber attacks to test your security response) to improving operational resiliency?
- Q3: Is most of your internal security talent part of a Security Operations Center? Or distributed across multiple teams? Why?
- Q4: How can security and IT pros better encourage more timely, regular system patching and upgrading to reduce the risk of a breach?
- Q5: How have you overcome challenges related to satisfying data security compliance standards like HIPAA and PCI-DSS?
- Q6: To what extent can Managed Security Service Providers help businesses improve their security posture and data protection? How?
Keeping in trend with past #cloudchat themes, several chatters explained you must consider a proactive cybersecurity strategy from the start. Thomas Cameron made this point stating you should, “build security in from the design meeting on.”
Ed Featherston took this point a bit further, explaining a proactive strategy is not “once and done.” Teams must continually review, validate, and redesign accordingly.
Whether security talent should be part of an operations center or distributed across multiple teams seemed like a no-brainer to many cloud chatters. Mike d. kail was clear that security talent should be embedded into other groups, sharing, “collaboration is key.”
When the discussion turned to war games, there was a bit of healthy debate. Several participants, including our own Daniel Clayton, felt war games were vital to build muscle memory and identify gaps.
On the contrary, mike d. kail felt that war games were not very helpful, mentioning “testing response is reactive, not proactive.”
Finally, Thomas Cameron summed up the conversation well, explaining no one part of your security strategy is the complete answer.
Want to read more of the conversation from #cloudchat 13? Explore the Twitter Moment below to hear from this week’s experts. Join us next Thursday at 11 a.m. CST as we wrap up the conversation on cybersecurity.