Despite industry-wide hiring freezes as a result of COVID, Accorian has established its first university recruitment channel with UPES Dehradun for their security graduates, having hired two members from the university to our team in 2020. This year alone, Accorian has grown 150% since the start of COVID across all levels, adding breadth and depth to our compliance and security teams. Accorian is looking to carry this momentum into 2021, with 6 more junior positions opening up in January in concert with more experienced roles. As this growth continues, Accorian will continue to establish new campus-recruitment channels to ensure we are finding the best talent to grow with us and become leaders in the industry.
The role of university recruitment is crucial to the growth and culture of any company. Whether it is an intern, a full-time employee, or a leader, Accorian is committed to creating an atmosphere of growth, camaraderie, and accountability for every member of our team.
Accorian is a full-service cybersecurity, compliance, and consulting firm helping companies improve the way they approach and manage risk. Accorian is always looking for driven security enthusiasts as we continue to grow. If you feel you are a good match for our team, email us at firstname.lastname@example.org with your resume and a paragraph on how you would like to grow in your role.
If you are a campus administrator and would like to partner with Accorian for pre-placement and recruitment talks, please email email@example.com to schedule a call with our head of recruitment.
The last 2-3 years have seen a spike in cloud adoption, especially among organizations that had possibly never thought about moving to a shared environment due to security concerns, such as large corporations, banking and financial services. The main drivers have been efficiency, ease of use, flexibility, scalability and lower TCO, among others. This adoption was further fueled in 2020 by COVID-19 and the requirement to support remote working, collaboration, faster scaling, etc.
This has also fueled another type of growth, but of the unfavorable kind: attacks on cloud assets. Cloud assets have swiftly joined the ranks of hackers’ favorite targets due to the nature of the information stored on the cloud.
A majority of companies on the cloud believe that securing their assets is the sole responsibility of the CSP; hence, they ‘over trust’ the provider & think that they’ve ‘transferred their risk’. This is far from the truth.
Per a recent McAfee report, 69% of CISOs trust their cloud providers to keep their data secure, and 12% believe cloud service providers are solely responsible for securing data.
The shared responsibility matrix illustrated aims to throw light on the subject –
In a nutshell, if you’re on the cloud, then the CSP will secure the cloud operations and you will need to secure everything that you have on the cloud.
Hence, you will need to secure the following among others:
Identity & Access Management
Client & Endpoint Protection
Data classification & accountability
OS, Network & Firewall Configurations
Network Traffic Encryption, Server-Side Encryption & Data Integrity
Secure management and control of terminals that access cloud services, including hardware, software, application systems, and device rights
Data – Security, Compliance & Privacy
Interestingly, even your data isn’t encrypted by default; encryption needs to be turned on by you.
It is estimated that by 2022, over 90% of cloud security failures will be due to misconfigurations & oversights by end organizations. With over 96% of businesses either completely or partially on the cloud, it is critical for organizations to develop a strategy for securing their cloud presence.
Hence, cloud ops teams need to treat these as their own servers & assets that they must secure, rather than hoping to transfer the risk.
Some common types of threats/attacks/hacks in the recent past –
Poor Access Controls
Hardcoded keys & credentials in the code
Misconfigured Cloud Storage (Commonly reported as Leaky S3 Buckets for AWS)
Security Group Misconfiguration
Poor access management & permissions
Loss of control over end-user actions
Shared Tenancy Flaws
Our cloud security experts prescribe the following immediate steps for securing your cloud –
Train your staff & help them understand the shared responsibility matrix
Understand & document your crown jewels in the cloud and locations of critical data
Leverage Segmentation to segregate various workloads & resources especially production, instances with client data, etc.
Understand the level of failover, business continuity & disaster recovery provided by the CSP and how it impacts your cloud operations
Review who has access & their rights across the board
Update your firewall rules
Understand the configurations, settings & other controls that end clients can impose on their cloud presence
Enable Backups and Logging & Monitoring
Run a vulnerability scan to ensure your cloud assets are devoid of vulnerabilities. This will aid in detecting the ‘low hanging fruit’ vulnerabilities. You can start with an unauthenticated scan & then progress to an authenticated scan
Draft & publish your cloud security policies and procedures
Conduct a cloud security configuration review to verify that there are no misconfigurations on the platform or on end assets, especially in your end workstation/server instances & storage
Request your CSP’s latest security credential/certification to assess & understand the controls you would inherit and the gaps you need to be wary of/compensate for
Conduct a penetration test to detect further weaknesses & gaps
Leverage a benchmark for evolving into a secure cloud operation. A few examples can be CSA’s Cloud Security Services Management (CSSM), CIS Foundation Benchmarks for AWS/GCP/Azure
Commission an internal auditor or external vendor to conduct a thorough cloud asset audit to detect deficiencies & draft a mitigation roadmap
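An added example (not Accorian's code) of the kind of automated check a cloud security configuration review can start with, covering three items from the lists above: security group misconfiguration, misconfigured cloud storage, and encryption that was never turned on. It assumes AWS and runs on a constructed snapshot shaped like AWS CLI output; the resource names, the "Buckets" wrapper and the ADMIN_PORTS policy are assumptions.

```python
import json

# Constructed sample shaped like the output of `aws ec2 describe-security-groups`,
# `aws ec2 describe-volumes` and, per bucket, `aws s3api get-public-access-block`.
# All IDs and names are made up; the top-level "Buckets" wrapper is an assumption.
SNAPSHOT = json.loads("""{
 "SecurityGroups": [
  {"GroupId": "sg-0aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22,
    "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443,
    "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ccc", "IpPermissions": [{"IpProtocol": "-1",
    "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}],
 "Volumes": [{"VolumeId": "vol-0111", "Encrypted": false},
             {"VolumeId": "vol-0222", "Encrypted": true}],
 "Buckets": {
  "example-logs": {"BlockPublicAcls": true, "IgnorePublicAcls": true,
                   "BlockPublicPolicy": true, "RestrictPublicBuckets": true},
  "example-exports": {"BlockPublicAcls": true, "IgnorePublicAcls": false,
                      "BlockPublicPolicy": false, "RestrictPublicBuckets": true}}
}""")

ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}  # assumed policy
ANYWHERE = {"0.0.0.0/0", "::/0"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def audit(snapshot):
    """Return sorted (resource, finding) pairs for the three checks below."""
    findings = []
    for sg in snapshot.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            if not cidrs & ANYWHERE:
                continue  # rule is scoped to specific networks
            if perm["IpProtocol"] == "-1":  # all protocols; no port range is present
                findings.append((sg["GroupId"], "all traffic open to the internet"))
            elif perm["IpProtocol"] in ("tcp", "udp"):
                for port, name in ADMIN_PORTS.items():
                    if perm["FromPort"] <= port <= perm["ToPort"]:
                        findings.append((sg["GroupId"], f"{name} ({port}) open to the internet"))
    for vol in snapshot.get("Volumes", []):
        if not vol.get("Encrypted", False):  # encryption at rest was never turned on
            findings.append((vol["VolumeId"], "volume not encrypted at rest"))
    for bucket, pab in snapshot.get("Buckets", {}).items():
        off = [flag for flag in PAB_FLAGS if not pab.get(flag, False)]
        if off:
            findings.append((bucket, "public access block off: " + ", ".join(off)))
    return sorted(findings)
```

To run it against a real account, build the snapshot from the three read-only CLI calls named in the comment and pass it to audit().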
Accorian’s deep expertise in implementing & securing cloud, along with the mindset of ‘thinking like an attacker’, has aided our clients in building and maintaining a secure cloud presence. Our services cover every aspect of cloud computing and ensure that you are secured end to end.