Security Operations in the Cloud – the AXA experience – Webinar 24 June 2020
24 June 2020 – Cyber Security Coalition
How to make solid security a valued companion on a cloudification journey? In the fifth webinar of the Cloud Security focus group, Mathias Claes, Information Security Officer at AXA Belgium, chronicled the process of introducing cloud services, such as Azure and Amazon AWS, in the transformation of AXA’s IT solutions, including solid advice on ‘do’s’ and ‘don’ts’.
As the consumption of cloud services will undeniably explode, AXA instituted a cloud strategy, based on group-wide input and a broad study of attackers’ opportunities (e.g. leaks of cloud credentials). The strategy requires changes in the security approach, in security event management and in culture (with security brought close to DevOps). He described the necessary organizational changes, based on the principle of “you build it, you run it, you secure it!” A cloudification team supports product teams in this. He presented a simplified evaluation flow for AWS as an illustration of how things work.
From a security point of view, he listed several key controls that need extra consideration (IAM, auditing, networking, monitoring and backup), as well as the need to define a minimum technical security baseline (mapped to the 27K framework at AXA).
Obviously, there are still plenty of challenges ahead, in particular the need to acquire additional overall cloud expertise (e.g. regarding incident handling). This includes the need for good management of multiple clouds. Companies must also find a balance between speed and control, preventing projects from proceeding too far without considering security aspects. Importantly, one must strongly object to exceptions being made.
Finally, Mathias Claes listed several helpful resources by ENISA, the Cloud Security Alliance, Azure (e.g. Azure Security Compass) and AWS.