The Internet of Things (IoT) is a term used to describe a system of interconnected computing devices that use the internet to send and receive data without requiring human to computer or human to human coordination. The world of IoT encompasses a wide variety of technologies, vendors, and connectivity methods. While cameras, smart kitchen appliances and smart locks often come to mind, IoT devices are prevalent in all industries.

According to its own website, FedRAMP serves three different of partners: federal agencies, Cloud Service Providers (CSP) and third-party assessment organizations. This article will focus on CSPs and how a good CSP can provide services that provide monetary savings for your agency.

Imagine you’ve protected your production Google Cloud environment from compromised credentials, using MFA and a hardware security key. However, you find that your GCP environment has been breached through the hijacking of OAuth session tokens cached by gcloud access. Tokens were exfiltrated and used to invoke API calls from another host. The tokens were refreshed by the attacker and did not require MFA. Detecting the breach via Stackdriver was confusing, slowing incident response.

Today, data analytics, automation, connectivity, and remote monitoring have made great progress and have brought innovations in every sphere of modern civilization. The digitization in day-to-day human activities has been revolutionized by the Internet of Things (IoT). Based on Gartner’s Forecast database, we can expect that there will be approximately 14 billion devices connected to the internet by 2022. With more devices connected, it will change the way we do business and use resources.

Cloud storage has become mainstream. It is one of the fastest-growing segments of IT spending and an indispensable tool for many modern businesses. However, not enough is being done to secure data residing in the cloud. According to Gartner, 90% of organizations that fail to control public cloud use will share information inadvertently or inappropriately through 2025. Almost all cloud security failures will be due to the cloud customer, not the service provider.

Recently I participated in a webinar with Toks Oladuti (Netskope customer, and senior IT security manager at the international law firm Herbert Smith Freehills), and my colleague Neil Thacker (Netskope’s CISO EMEA). The conversation was hosted by Janet Day, a long-time technology consultant to the legal industry. During the webinar, we touched on a lot of topics and I was particularly interested to hear Toks’ stories of HSF’s journey to the cloud.

“Ev, do you have time later today to discuss the new web GUI for the command line terminal?” said the Slack message. It came from Alex, our user experience chief and the product in question is the SSH client. Part of me was worried. The command line environment had a sanctuary where I found peace and happiness away from the world of browser-based tools.

As many organizations have migrated their infrastructure, applications, and data to cloud offerings, adversaries have extended their operational capabilities in cloud environments to achieve their mission — whether that means stealing intellectual property, disrupting business operations, or holding an organization’s data for ransom.