February 8, 2022
News

Webinar: Cloud Security 301 with Eureka Process

Tenacity’s CEO sits down with Eureka Process to talk about advanced security tools that will help you identify, track, and mitigate cloud security problems.

A few weeks ago, Tenacity’s CEO, Jason Yaeger, had the opportunity to sit down with our friends at Eureka Process for a quick conversation about cloud security solutions that go beyond the basics of AWS Management Console, Azure built-ins, and other been-there-done-that solutions that we’ve seen time and time again. 

(Think of it as a Cloud Security 301 course, if you will.)

Throughout the webinar, there were so many great tools and insights exchanged in the arena of cloud security and compliance that we wanted to highlight some of our favorite takeaways here on our blog. However, be sure to check out the full video below for a full recap of the conversation:

On what security teams should really focus on in the public cloud…

Jason Yaeger: “When you're talking about the rise of public cloud infrastructure, we've gone from small internal teams that have access to inflict change in their environments to teams that include dozens or hundreds. Each environment requires different types of people with different abilities, because that's what the public cloud gives you. While this gives you the flexibility to do things at a rapid pace and to be super agile when it comes to developing things for your customers, there’s a price to that. That you have more hands in the cookie jar. Plus, not everybody that's doing this knows exactly how these things should be configured from a security perspective.

“A lot of people are focused on the visible issues when it comes to security… ‘How do I prevent hackers from Russia or China from getting into my application?’ So, all of these complex tools are deployed to learn when those people are trying to attack you or coming into your infrastructure. But, at the end of the day, two-thirds of all cloud breaches come from not configuring your own services correctly. And so if you just start there, you're going to really mitigate a huge piece of that security puzzle.”

On the problem that the cloud security space has created for itself…

Jason: “From a marketing perspective, companies (especially in developing markets like cloud security) just come up with a bunch of little acronyms that are abbreviations.  CSPM, CCM, CASBY, CWPP and CMP — all these different abbreviations. But they don't mean anything to a user… more specifically to the person that's trying to solve the problem. I could list five different acronyms that our platform could align to here, and it's become too difficult for a user to figure out exactly what they need or which one of these abbreviations is going to solve their problem.

“The industry itself has caused a lot of this confusion, which is why every single year, the same problems exist in the public cloud, AWS, Azure, and GCP that existed the year before. It's because it's really confusing and nobody makes it easy to gain an understanding of where they sit from a security cost and compliance perspective.

“So, how do you solve this? First of all, ignore all this crap. Focus on the problem that you have and you can solve it. At the end of the day, what everyone's trying to do is have a more secure environment that’s going to mitigate data breaches and a litany of other things. But I don't want to have to go buy five or six different tools to solve a problem that I'm having, which is really what you have to do today. The cloud security industry has caused confusion, which has basically caused a lot of companies, especially in the mid-market where they don't have the resources available to go out and hire a lot of this talent, to procrastinate on the issue.”

On the benefits of guided remediation…

Jason: “By default, Tenacity has read-only access to a customer's environment and we do that for a couple of reasons. First, the more access that other users, companies, or people have into your environment, the less secure you are. We don't inflict change in an environment, but we tell you when you have problems and we give you guided steps to remediate.

“We also have a number of partners that we work with specific to cloud infrastructure like AWS and Azure. If we see that a company doesn't have the right resources or tools in place to be able to remediate the errors we find, we have a partner network in which we refer them to, for partners to come in and help them remediate those things and even provide some ongoing managed services. We've done that for a number of companies and it works out very well. So, if you’re relatively immature in the security space but have this rock solid managed service business, a tool like Tenacity can provide a much clearer understanding of what you don't know with access and pointers on how to get started.”

On how Tenacity cuts through the noise…

Jason: AWS and Azure tools and interfaces are designed for technical people — developers in many cases. So, they're not really easy to use if you’re a company that can't afford the talent that it takes to manage those tools properly. If you look at the AWS API or management console, or whatever tool you're using, it’s not easy to get a one shot view of everything you have, which is crazy. You want to see everything you have, how it's performing from a security perspective, and then also give it business context. So, Tenacity was built to cut through that. We give a very simple view over your environment because we want everyone to be able to have a secure operating environment, as well as a cost-neutral environment as well.”

Thanks so much to our friends at Eureka Process for having us for this webinar. To check out the full video of our conversation, head to their YouTube channel.

Want to see how Tenacity can help you get a grip on your cloud, starting with compliance, cost, visibility and security? Head to TenacityCloud.com and click Sign Up to get started - no sales call or demo required.

Latest articles

Browse all