Discovery Questions Flashcards

1
Q

Environment

A

Which public cloud platforms do you use? Have you gone multi-cloud? Do you secure your clouds with different tools for each cloud?

Do you use a CWPP? A CSPM? If so, can you tell us which vendor(s)?

2
Q

Security Related

A

Have you experienced a significant security incident? If yes, when/what happened? Were there negative consequences?

Do you feel like you have some security blind spots across your cloud environment? Do you have visibility into all your AWS, GCP, and Azure cloud assets?

Does your current cloud security approach provide a prioritized view of risk?

3
Q

Sizing

A

Which cloud services does your organization consume?
About how many cloud assets do you have on your public cloud platform(s) today?

What is the average number of actionable alerts that you receive on a daily basis?

Approximately how many cloud assets such as VMs, containers, and datastores are deployed across your public cloud platform(s) today?

4
Q

Confidence/Reporting

A

How would you rate your business’s risk posture?

Are you able to effectively communicate the status and progress of your cloud security program to key stakeholders?

Do you feel overwhelmed by the number of vulnerabilities you are asked to patch and other security issues that need to be remediated? Does your team suffer from alert fatigue?

Do you spend time on cumbersome or repetitive tasks during remediation efforts?

5
Q

Compliance

A

Is your company a regulated business? What compliance standards or frameworks do you need to adhere to (CIS, PCI-DSS, ISO-27001, SOC2, GDPR, etc.)?

Which compliance mandates or industry standards are important to you?

6
Q

Best Practices

A

What is your current approach to cloud security? Do you run this in-house or with a third-party provider?

Describe your current cloud security infrastructure. Do you have any notable gaps?

What is and what is not working with your current cloud security solution(s)?

Do you find your current cloud security tools easy to install and use?

7
Q

Influencer: IT Ops Manager (Champion)

A

Cares about: Effective use of time

Focus on their timing and fixes - how frustrating it can be to patch something that isn’t prioritized in real-time while a legitimate threat is allowed to remain.

8
Q

Influencer: Security Analyst (Champion)

A

Cares about: Getting the data they need

Focus on ‘no more Excel spreadsheets’, ease of use, minimal transition effort from previous tools, and integration with their existing security tools and ticketing systems.

9
Q

Champion: Director of Security (Buyer)

A

Cares about: Solid communication

Focus on the communication and flow of the security department’s various teams, time and team culture between the Analyst and IT Operations Managers, and ability to report to the CISO.

10
Q

Buyer: CISO

A

Cares about: Reporting to the board

Focus on reporting to the board via risk meters (red, yellow, green) and clear numbers which make it easy for top execs to understand.

11
Q

What is your cloud footprint today? AWS / GCP / Azure?

A

a. % in each?
b. Are you still in physical data centers as well? If so, are you looking to migrate fully to the cloud? Please explain.

12
Q

Target pain. What are you trying to solve?

A

What is important for us to discuss? Is it alert fatigue, is it vulnerability management, M&A pain… etc.

13
Q

What security tools/solutions do you have in place today?

A

If the customer doesn’t feel comfortable sharing vendor names, we would love to get an idea of whether they use vuln scanners, agents, CSPM, etc.
