Jim West, host of the TopCyberPro videocast, discussed with MITRE and the Cloud Security Alliance how the industry can help keep the cloud secure. They addressed CAVEaT a threat-informed framework that addresses the unique and emerging risks of cloud environments, with detailed security guidance to ensure meaningful implementation of detection and mitigation capabilities.
Mari Spina, Senior Principal Cloud Security Engineer, MITRE, noted that in 2019 President Trump put forth the Cloud Smart Initiative. “We had these high-tech focus groups in silos, and that were separate from the enterprise because they were trying to figure cloud out, implement, and get it working," Spina says. "And then we ended up asking them to integrate back in with the enterprise cybersecurity processes, but it's not always flawless. There tends to still be gaps…We wanted to get to a point where we could very uniquely understand what it meant in each particular cloud service to do a particular mitigation.”
“We also wanted to understand that for each particular cloud service, how the threat and the threat actor’s actions and procedures might be different from what you might normally see or what might be specified in the attack model already,” Spina explains. Out of that research CAVEaT was born.