
Deliveroo Security Lead at Dev Summit Munich: Cloud Misconfigurations Can Cause Major Data Breaches


During her presentation at the inaugural edition of Dev Summit Munich, Danielle Sudai, security operations lead at Deliveroo, explored the fundamentals of cloud security posture management (CSPM), stressing how a single misconfiguration can damage your company’s security. She emphasised the importance of bridging the gap between the different layers of the organisation, from governance to technology.
Sudai started her presentation with a retrospective of the most significant data breaches in recent history, emphasising that some of them were caused by seemingly innocent misconfigurations, as small as a vulnerability within a bucket.
After a refresher of cybersecurity terminology, Sudai defined CSPM as a technology that helps to identify misconfigurations using its metadata to identify potential threats that lead to actual breaches.
She described its lifecycle as inventory (any attributes related to the security of the cloud infrastructure, including rules, policies and tooling), scanner (the tool that analyses any event happening in the infrastructure, permitting identification of changes over time), detect (identifying in the inventory the exposed components based on the events extracted during the detect), notify (the alerting mechanisms pointing the potential fault to the users) and enforce (templating mechanisms which facilitate an improved security posture), indicating that the secret is the collaboration between the different technical functions of the organisation.
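
The five stages described above, sketched as an added Python example (not code from the talk or from any CSPM product). The bucket names, attributes, baseline policy and events are constructed, the stage functions are hypothetical, and the sketch goes slightly beyond the text by treating an attribute the inventory has never recorded as a violation.

```python
import copy

# Inventory: security attributes per resource plus the baseline policy (all constructed).
POLICY = {"public_read": False, "encrypted": True}
INVENTORY = {"orders-bucket": {"public_read": False, "encrypted": True},
             "logs-bucket": {"public_read": False, "encrypted": True}}
# Change events as a scanner would collect them over time (constructed).
EVENTS = [
    {"resource": "orders-bucket", "attr": "public_read", "value": True, "actor": "ci-deploy"},
    {"resource": "logs-bucket", "attr": "encrypted", "value": False, "actor": "alice"},
    {"resource": "logs-bucket", "attr": "encrypted", "value": True, "actor": "alice"},
    {"resource": "tmp-bucket", "attr": "public_read", "value": True, "actor": "bob"},
]

def scan(inventory, events):
    """Replay events onto a copy of the inventory; resources it lacks are added."""
    state, last_actor = copy.deepcopy(inventory), {}
    for ev in events:
        state.setdefault(ev["resource"], {})[ev["attr"]] = ev["value"]
        last_actor[(ev["resource"], ev["attr"])] = ev["actor"]
    return state, last_actor

def detect(state, last_actor, policy):
    """Compare current state with policy; an unknown attribute counts as a violation."""
    findings = []
    for name in sorted(state):
        for attr, required in policy.items():
            actual = state[name].get(attr)
            if actual != required:
                findings.append({"resource": name, "attr": attr, "actual": actual,
                                 "required": required,
                                 "actor": last_actor.get((name, attr), "unknown")})
    return findings

def notify(findings):
    """Render one alert line per finding for the owning team."""
    return [f"{f['resource']}: {f['attr']}={f['actual']} (policy {f['required']}), "
            f"last changed by {f['actor']}" for f in findings]

def enforce(state, findings):
    """Reset each finding to the baseline (a stand-in for templated remediation)."""
    fixed = copy.deepcopy(state)
    for f in findings:
        fixed[f["resource"]][f["attr"]] = f["required"]
    return fixed

if __name__ == "__main__":
    state, actors = scan(INVENTORY, EVENTS)
    print("\n".join(notify(detect(state, actors, POLICY))))
```

The `logs-bucket` change that was reverted produces no finding, while `tmp-bucket`, which never appeared in the inventory, produces two.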
