The Security Detail is a podcast series by SURGe, Splunk’s strategic security research team. Every other week, co-hosts Audra Streetman and Kirsty Paine interview security experts about the cyber threat landscape across different industries.
Episode 8 features an interview with Sean Heide, Technical Research Director at Cloud Security Alliance (CSA). Heide spent eight years in the US Navy as an expeditionary warfare intelligence analyst. He completed bachelor’s and master’s degrees in information technology management with a specialization in cyber security. Heide currently manages CSA’s many research portfolios, including ChatGPT implications and usages, top threats, cloud change management and enterprise architecture. Much of his focus now is on helping C-suites stay vigilant with security strategies and stay up to date on security adoption across the enterprise. Below are the top takeaways from Heide’s interview:
1. Identity and access management (IAM) is a priority
Heide highlights that identity and access management, particularly in the context of cloud computing, has become a significant trend and a top concern for organizations. Insufficient management of identities and credentials poses a major security risk, and the end user remains the weakest link in terms of security.
“I always say this actually in personal research, the end user is your number one barrier for security and it doesn't really matter if it's cloud or on-prem, that end user is always going to be the key role there,” Heide says.
2. Misconfigurations are more common than you think
Heide emphasizes that misconfigurations, especially in account and key management, are a recurring issue in cloud security. If a department purchases an application or a cloud instance that no one else knows about, especially the security team, baseline misconfigurations may be left unaddressed. These misconfigurations include poor password security, lack of access control and failure to implement proper logging and change control measures. Proper configuration management and monitoring are crucial for mitigating these risks.
3. Risks and responsibilities belong both with enterprises and their vendors
Heide stresses the need to analyze the security practices and vulnerabilities of vendors and their subcontractors. “I think it's critically important to utilize things from CSA where we have a shared responsibility model that's vendor neutral,” said Heide. “We go to Microsoft. They have a shared responsibility model. And I think it's important to really understand what it means to go to cloud.”
The conversation also raised the misconception that cloud service providers bear all security responsibilities; organizations must have a clear understanding of their own responsibilities in securing cloud services — and carefully evaluate the security posture of their vendors, too.
Listen to the full interview here. To learn more about The Security Detail podcast and listen to more episodes, visit thesecuritydetail.podbean.com.