Will the complex nature of information security in cloud-native / cloud-agnostic organizations require greater time/personnel investments?

Anonymous Author
I think sometimes when we take a look at some of these services and the way that our teams are moving, we're very quickly connecting to the cloud. We have a lot of strategic initiatives where we're cloud agnostic and connecting with our strategic partners, either through direct S3 bucket interaction or through API connections, and the concept around doing that in an ethical manner, and proving out what is secure, is changing at a rapid pace.
1 upvote
Anonymous Author
Zero trust is a major focus now and a different approach altogether. We've now almost come full circle from the security front to say, “We’re not trusting anybody. Sorry.” But that’s the wrong answer. Then it’s, “Okay, we'll give you nothing.” It's been that way in access controls for years: What is the least privilege? I can remember doing a Systems Applications and Products (SAP) project. People will say they need SAP-All, but what for? They have to tell me specifically what they need to test so I can give it to them. But we've become used to giving everybody everything, as opposed to giving everybody nothing and then really taking the time—and that’s the key, time—to figure it out and to do it well, and to give people only what they need to do their jobs effectively.
2 upvotes