Encryption and key management
You might be wondering why I left this topic until the very last section of this book. In my experience, most conversations about security in the cloud end with encryption and key management. No matter what topics the conversation starts with, such as vulnerabilities, exploits, malware, or internet-based threats, they end by discussing encryption and key management. This is because encryption is a powerful data protection control that helps provide confidentiality and integrity for data.
No matter which cybersecurity strategy or combination of strategies organizations pursue, when the rubber hits the road, protecting the data is the objective. That's what can be so distracting about the cybersecurity strategies we examined that are proxies for data protection. Security teams get so focused on protecting endpoints or applications that they lose sight that the underlying objective is to protect data. The proxies I mentioned are important and must...