Inversion6 officially joins forces with sister company TRG.  LEARN MORE >

Services

We’re a selected team of skilled cybersecurity professionals who work as an extension of your IT staff, as well as best-in-class technology to add an additional layer of protection to your organization.

View our Managed Services
Ask About Our Outsourced Cybersecurity Program

Our comprehensive outsourced cybersecurity program leverages advanced technology and expert professionals to enhance your security without the need for in-house capabilities.
 

Learn more

Partners

We collaborate with best in the business to ensure our customers receive the highest levels of care and support. These trusted relationships allow us to better serve and educate our customers.

Regional Partner of the Year Award

Partner of the Year Award

Why Inversion6

With an abundance of solutions and providers, the task of choosing the right option is critical and can sometimes be overwhelming.

industry validation

"Thanks to Inversion6, we now have an established protocol and response procedure whenever incidents are detected. Now, we are able to act immediately to prevent a security event from becoming a larger incident."

Read Full Story

Resources

Our experts are thought leaders in the cybersecurity space. From blogs to publications and webinars, check out these resources to learn more about what’s trending in our industry and how you can stay ahead.

Why Cybersecurity Should Be Driving Your Enterprise Risk Management Strategy

By Christopher Prewitt

Read Article
Latest Inversion6 Press

CISO Craig Burland’s latest byline in Cyber Defense Magazine discusses the importance of accountability in cybersecurity.

View Story
December 13, 2022
By: Craig Burland

Understanding Cloud Security Demands Challenging Assumptions


Cloud computing offers organizations the opportunity to provide new technical capabilities with relative ease. Companies and businesses of all sizes are eager to take advantage of the benefits of the cloud. They are moving fast to add specific capabilities, integrate current solutions to better optimize resources and performance, or migrate fully to the cloud. But in the midst of a digital transformation, it’s all too easy to make faulty assumptions about cybersecurity and violate your principles. Tempering speed with thoughtful consideration about overall security posture is a must to avoid risky and potentially costly missteps. 

It’s Not a Matter of What — It’s a Matter of How 

The cloud is not drastically different from on-premise when considering what needs to be done — securing your data, protecting your users, and guarding your applications. An organization’s security posture (i.e. their general approach and level of security) should be consistent across the entire technology environment, including both on-premise and the cloud. That’s the what. The big difference with the cloud is how. Critical to understanding cloud security is recognizing that the cloud is a new technology frontier that requires new tools, processes, and approaches to implement the same controls.   

For example, if you don’t let developers manage firewalls on-premise, don’t let them do it in the cloud. With identity management, there should be clear requirements for onboarding and offboarding personnel to your on-premise IT environment. Those same requirements must also be applied to the cloud. You can apply that idea to hardening servers, managing confidential data, monitoring critical assets, limiting access from the Internet, etc. 

Failing to apply consistent controls in the cloud comes with dramatically increased risk given the integrated nature of the platforms and Internet adjacency. Last year, Accenture fell prey to a ransomware attack that resulted in the exposure of nearly 40,000 passwords and a ransom of $50 million. The breach came from a misconfigured cloud server that left critical information exposed. Hundreds of millions of Facebook user records were exposed on a cloud server in another instance of an exposed database that contained private information that could be used in targeted attacks or secondary hacking attempts. 

Below are three assumptions about security and how addressing them can help businesses mitigate the risk that comes with leveraging the cloud. 

Delving into the Cybersecurity Trends of 2022: This year was a whirlwind; and some couldn’t keep up. In case you were out of the loop this year — here's what our team saw in the cybersecurity space. 

1. My Provider is Securing It 

One of the biggest assumptions about understanding cloud security is that the cloud service provider (CSP) handles all aspects of security. That is false. The cloud security model is built on the idea of shared responsibility. No matter what types of cloud environments an enterprise uses — be it an Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS) — organizations must understand that the CSP is only responsible for securing what it provides. If you’re using a SaaS application, the provider will secure that specific application, but not the data inside it. If you’re using IaaS to provide new cloud servers, the CSP is responsible for securing the cloud data center, but not the virtual hosts themselves. In short, protecting your data, ensuring the proper configuration, managing and monitoring solutions, etc. is all YOUR responsibility.  

2. Cloud Migration Means Less Security Work 

This is simply not the case. In fact, the opposite is true. While your technical capabilities may now be hosted in the CSP’s data center, it does not lessen the diligence and attention to detail needed to secure those assets. Imagine buying a second home and thinking, “I locked the doors at my old place, so this new house should be fine!” Security teams need to understand and defend this entirely new environment while simultaneously adapting processes and tools built for on-premise workloads and continuing to monitor the existing on-premise environment. 

CSPs — be it Amazon, Google, or Microsoft — all offer different security tools. Understanding what security capabilities your cloud provider offers and how they should be used is essential to maintaining a strong cloud security posture that addresses your responsibilities under the shared responsibility model. 

Adding to this challenge, many organizations use a variety of cloud services to handle different aspects of their operation. This forces security teams to tackle some difficult problems: Do they try to duplicate the policies and processes used in one environment for all the others? Do they have the people and skills necessary to learn multiple new toolsets and implement the proper controls? Do they reprioritize investments to acquire multi-cloud security platforms?  

3. A Digital Mindset Equals a Security Mindset 

Being ready and willing to embrace cloud computing or a full-scale digital transformation doesn’t mean the business is well versed in the knowledge needed to secure that new environment. Put another way, a digital mindset doesn’t equal or automatically include a security mindset. 

Leveraging digital tools, building digital products, and crafting digital strategies are skills that must be taught. Organizations frequently include a large learning component in their digital transformation roadmaps. Fundamental principles of risk management, compliance, and security by design must be taught alongside other digital skills to enhance awareness and enrich the security culture. Without every power user, developer, and administrator being cyber-aware and understanding cloud security and their responsibilities, the organization risks misconfigurations, unmanaged vulnerabilities, and enabling simple exploits that could derail your digital journey. 

From IT to OT: Operational technology is interconnected with IT systems like never before. You need experts to manage these new processes and standards.  

Deepen Your Understanding of Cloud Security with Inversion6

Inversion6 has decades of experience and industry experts who can map out crucial cloud security considerations — from creating identity and access management (IAM) policies, identifying the proper endpoint detection and response (EDR) tools, installing perimeter-protecting firewalls, and much more.  

We’ve detailed everything you need to know about executing a cloud migration in our free ebook, including more cloud security basics you must understand and the tooling needed to execute your plan. Inversion6 knows what is critical to consider, has experience in implementing security solutions that work, and provides the insight necessary to strengthen your security profile in a new environment.  

Inversion6 is the proven risk management provider that brings a full suite of information security services to help you define your strategy, deploy the right technology, and protect you from malicious attacks. From fractional CISOs to full-service MSSP capabilities, we partner with you to protect your business at every level. 

Connect with Inversion6 today to learn how we can turn your cloud security assumptions into a comprehensive plan. 

Post Written By: Craig Burland
Craig Burland is a Chief Information Security Officer for Inversion6. He is an innovative, driven leader with more than 25 years of experience in information technology and information security. Craig has a record of exceeding expectations by building strong teams, forging key partnerships and delivering innovative results. He is fluent in defining strategies and articulating business value. Craig also holds a B.A. from University of Michigan.

Related Blog Posts

Let's TALK

Our team of experts in information security, storage, and networking works alongside your team to implement technology solutions that are smart, flexible, and customized to fit your needs. Ready to learn how we can help strengthen your technology environment? Fill out the form below to get started.

TALK TO AN EXPERT