Why Is Cloud Security So Hard? (Hint: It’s Not)
Securing a new environment without knowing the rules of the road can be hard. Take the time to learn the rules and avoid speedbumps.
Part 3 of a series that relates information security to replacing and constructing a shingle based roof (you need to measure more than once)!
Yes folks… This. Is. So. True.
I saw 21.5″ but actually measured 20.5″! Blame fatigue, blurry lines, lack of coffee, whatever… if I had taken an extra second to double-check my measurements, I would have had a good piece of wood and not an addition to the scrap pile.
When pushing your security changes to production, being super careful that you don’t bring down the website with that ill-planned security group or firewall rule is measuring twice. Checking that you don’t mistakenly open that S3 bucket to the world instead of just another AWS account is measuring twice.
You get the point.
Although I had extra wood that day and I simply laughed off the mistake, the situation may not always be so laughable in Information Security.
Check, test, check again!
Although this wisdom can be applied to almost all parts of life, in Information Security, we are under extra scrutiny. We have pressure on our shoulders to ensure security environments are safe. We oftentimes have to measure three, four, five, or more times before cutting.
Need help measuring and cutting your cloud environment? I’ll bring my measuring tape and a combination ruler, and we’ll go at it. You can reach me at firstname.lastname@example.org.
If this article was helpful to you, consider subscribing to my weekly newsletter, where I share my latest commentary as a vCISO for high growth startups.
Check out how we help startups accelerate and level up their security programs through vCISO (CISO As A Service).