The need for cloud workflows has grown even faster as a result of the COVID-19 pandemic-caused shift to global remote work, and this has made building a secure cloud even more important than ever before, according to Michael Wylie, Certified Information Systems Security Professional (CISSP) and director of Cybersecurity Services at Richey May Technology Solutions.
Continuous Cloud Security Monitoring (CCSM) makes achieving a secure cloud easier, he said July 2 during the security breakout session “Quarantining your Cloud: The Return of COVID-19” at the Global Media & Entertainment Day event presented live, virtually, from London.
During the session, he discussed CCSM strategies, techniques and best practices, along with the common challenges currently facing organizations using public clouds.
Richey May has grown over the past 30 years to become a company with over 300 people, he said, noting his team handles content protection, secure network architecture and design, penetration testing, cloud workflow integration, Trusted Partner Network (TPN) assessments and readiness, and vulnerability scanning.
He went on to talk about a dream he had. It’s become a bit of an industry joke that when you hear a term like artificial intelligence (AI), cloud, end-to-end security, machine learning, next-gen or Software-as-a-Service (SaaS) that is “overly used and marketed,” he told viewers, “those of us who are hard-core technologists, we essentially make it a drinking game – if you see that at one of the conferences, go ahead and take a drink.”
As a result, his dream was to “come up with my own term,” he said, noting: “After much deliberation, I thought I finally had it [in] Continuous Cloud Security Monitoring…. I started putting websites out there and blog posts, and I was extremely happy about this.”
However, he made one mistake, he conceded. “I failed to do a little bit of due diligence on this. And what I realized is that Coca-Cola ended up stealing my dream. Apparently, they have the Coca-Cola Signature Mixes (CCSM) and they just overtook all of my search engine optimization — everything I had been doing around this CCSM topic.”
However, CCSM –- Continuous Cloud Security Monitoring and not the Coca-Cola drink — remains useful for M&E organizations.
Explaining why he selected the topic he did for the virtual online conference, Wylie said: “We’ve been seeing obviously since the beginning of COVID that a lot of our customers, clients and studios are talking around cloud and workflows – something that used to be a little more taboo.”
He pointed to a Forbes quote: “The COVID-19 pandemic may give businesses the jolt they need to move [to] cloud computing.” And he agreed with it, predicting “we may see a lot more cloud.”
The financial sector had that jolt already, but not the media and entertainment sector just yet, he noted.
One reason for the lack of a jolt in M&E until recently is that “content owners have been concerned about things within the cloud because of” several recent incidents, including 100 million records leaked at Capital One, 10.6 million MGM Resorts guest records compromised online and about 42 million Telegram app records compromised, he said. As a result, he understands why many M&E companies were initially afraid of the cloud, he said.
However, there is now just no escaping the increasing shift to the cloud, in part due to the massive shift to remote working, which many people have become used to now, he said. And it will be very hard to get people to return to the office on a full-time basis after they have now seen all the benefits of working remotely, he said.
Turning to a CCSM strategy provides ongoing automated detection and response to cyber threats, he pointed out, adding it also: “Continually reassess the security posture” of an organization; keeps up with the changing threat vulnerability landscape; provides increased visibility; creates a goal of timely incident detection; and focuses on data at rest.
Meanwhile, the global media dwell time – the amount of time between a breach and detection of it – has improved but is “still really bad,” he told viewers.
“I think part of the problem in cloud security” can be attributed to two issues, he said, adding: “One is the lack of understanding of the cloud and how it differs from normal architectures… and where the shared responsibility lies…. But also it comes down to alert fatigue.”
There is a need for a solution that is “actionable” when your data – your “crown jewels” – are available online and you need to be highly diligent, he said.
In order to build a defensible cloud, one thing that is important is to know what normal is, he told viewers. Without a defensible cloud, he explained, we will never know if it is normal or evil when: New instances are being spun up at 3 am in South Korea; 50 new instances don’t have names or tags ; a cloud account spins up 100 new servers; a cloud bill tripled last month; or there were 10 failed root login attempts.
He went on to give examples of specific potential steps that can be taken by M&E organizations. If you only use cloud resources in the U.S., you can set up alerts on any resources used outside the country. You can use inventory control and tag cloud resources. If your monthly bill averages $3,000, you can set a billing alarm for $3,300. If 10 failed logins is normal for your users, you can set alerts from failed logins sourcing from different Internet Protocol addresses, late at night or in quick intervals. And if your cloud usage is the wild west of security, you can implement cyber deceptive decoy “Honeytokens,” “Honeybuckets” or “Honeyusers.”
The fourth annual M&E Day event, presented by the Media & Entertainment Services Alliance (MESA), featured mainstage panels and more than 15 breakout sessions, covering the latest it data, cloud, IT and security across the media and entertainment technology ecosystem.
The event was presented by Caringo, with sponsorship by Convergent Risks, Cyberhaven, Richey May Technology Solutions, RSG Media, Signiant, Whip Media Group, Zendesk, Tape Ark, Sony New Media Solutions, 5th Kind, ATMECS, Eluvio, Tamr, the Audio Business Continuity Alliance (ABCA), the Entertainment Identifier Registry (EIDR) and The Trusted Partner Network (TPN).