But where many organizations often fall short is optimizing the middle domain: infrastructure. In the world of public cloud, infrastructure acts as the foundational layer for your overall cybersecurity program… and it’s where 65% of cybersecurity risk lives. Getting it wrong can be a huge (and costly) mistake.
What is Foundational Cloud Security
When talking about the different levels of cybersecurity, we like to think of foundational security as the essentials of a safely-built home. If you’re looking to unpack all of your valuable assets and personal data into a new home, you’re going to want to make sure that it is outfitted with all of the necessary infrastructure in place — a door with a deadbolt, windows that shut and lock, and a door and keypad on your garage. A sound overall structure…good bones, right? We’re talking about the basics of 101 home security.
This is the infrastructure of your cybersecurity program.
Sure, you can store your assets in a house with a propped-open window or a garage without a door, but you’re going to have a greater probability of a catastrophic event happening. And if you try and install a security tool on a house with no windows and no doors, you’re going to experience a constant barrage of alerts, warnings, noise, false positives, and fatigue — because everything is going to look like an urgent attack possibility.
65 to 70% of all security challenges in the cloud arise from misconfigurations, such as the simple human error of forgetting to close and lock the window, or leaving the back door unlocked. Putting the focus of security back on infrastructure cuts down the opportunities for these common mistakes to happen.
A great way to achieve and demonstrate this is through a third-party tool like Tenacity, which gives you a manageable program and protection against the mistakes of your users by scanning for issues in your cloud environment, spotting misconfigurations, and prioritizing the issues you need to tackle first.
This is also going to have a downstream effect on the success of your cybersecurity tools, as they now have a narrower set of things to monitor and watch in your environment. Therefore, your alerts just get better by taking action on that configuration.
By monitoring your foundation, Tenacity also can also help reduce infrastructure, reduce spending, and reduce alerts, noise, and fatigue.