The security landscape has changed drastically in the post-COVID world. Before the pandemic, the journey towards cloud adoption was proceeding at a casual pace. Now, business adoption of cloud and cloud-based technology has accelerated because of the change in workforce dynamics created by the surge in remote workspaces (Zoom, WebEx, etc.) and remote workplaces (bring your own office).
In this new landscape, unvetted security controls and architectures bring their share of pain points for CISOs who use existing security processes, data and tools to validate those technologies. DevOps and SecOps dynamics are already part of the security process in mature organizations, but there is still a sizeable gaping hole in using and implementing the security control framework in an organization.
Historically, those enterprises and vendors have relied upon analyst firms and independent sources (external red teams, testing labs) to get a quick answer on how to operationalize the security framework. As such, there still exists a gap between these entities in deriving cyber-risk information from these data points, within different industry-standard frameworks, in the form of a true return on security information, especially for cloud and cloud-native technologies.
SecureIQLab bridges the gap that exists between those entities. We have been working and collaborating with governments, enterprises, vendors, security researchers and independent testing labs so that people can get the right information for any cloud and cloud-native technologies, mapped into tried and tested frameworks like NIST, Lockheed Kill Chain and MITRE.
One of the biggest challenges has been the inability to measure the actual cost of insecurity. Ideally, this calculation maps the enterprise workflow, the attacker path, the implemented reference architecture and, most importantly, the drift between the actual and implemented reference architecture over time due to underlying factors like developer workflow. As a consequence, reliably mapping enterprise-specific use cases to operational risk metrics is a challenge.
SecureIQLab brings use cases and an attacker-path-driven method for validating cloud technologies to actively bridge that gap.