Amit Megiddo
Speaker
Podcast Appearances
All right, Amit, I'm throwing the same thing to you.
I guess the question is, how do you let your staff know how to operate completely without you?
Quote, business wants to go quickly and time to value is absolutely important.
Cyber becomes an afterthought, end quote.
For EY America's Ayan Roy, as quoted in a recent CSO Online piece, cloud misconfigurations aren't a technical problem.
They reflect organizational priorities.
Dev teams spinning up resources with elevated privileges they never walk back, security teams excluded from the conversations that matter, and security sprawl from M&A are the symptoms.
And the cloud providers aren't helping.
Microsoft, Google, and Amazon hand you an insecure product by default and leave you to figure out the rest.
Exposed S3 buckets are a trite cliche at this point, yet the misconfigurations are worse, not better.
70% of Azure VMs are misconfigured, 63% of Google Cloud Platform.
So if the tools, the frameworks, and the awareness all exist, why does this keep happening?
Is cloud security fundamentally a business velocity problem that security is always working around?
What's one structural move a CISO could focus on, Amit, I'm throwing this to you, that would make the biggest difference in turning the tide on misconfigurations?
By the way, this is a story that comes up again and again and again.
What's your take?
By the way, we're going to get more into this secure by design a little bit later in the show, but continue on.
All right, Andy, your take on this as well.