Webinar: CISO Strategy for the Cloud
I recently participated in a webinar discussion about how CISOs and security leads are securing and navigating the cloud. It’s a pressing topic for many in a time when cloud adoption is accelerating across many, if not most industries. In fact, according to IDG’s 2020 Cloud Computing Survey, 59 percent of respondents said their organizations would be mostly or all in the cloud within 18 months.
The cloud changes our approach to cybersecurity on so many levels—it introduces new technologies and technical complexities, presents us with a new shared responsibility model with customers, partners, and cloud providers, and, combined with the concurrent increase in remote workers, demands that we rethink what a “security perimeter” can and should be.
Joining me for the webinar were:
- Jo Peterson—Vice President, Cloud and Security Services, Clarify360
- Brian Campbell—VP, Cyber Security Architect, Veeam Software
- Mike Goldgof—Senior Director, Product Marketing at Barracuda
We spoke about the key challenges we face as cybersecurity leaders to keep pace with cloud adoption in our organizations, as well as more narrow questions we face. For example, how can we help our employees and customers learn to be safer cloud users—so we can go from watching them like a parent watches their child walk to school by themselves for the first time, to trusting them to do most things on their own? Or how should we think about purchasing cyber insurance to protect against risks—it makes sense to protect ourselves against a catastrophe, just as we would when buying car or home insurance, right?
Here are a few more ideas we discussed at depth during the webcast:
Securing an extended perimeter to accommodate expanded cloud usage and remote workers:
We all recognize that the traditional, fixed perimeter built to stop external threats is insufficient and becoming obsolete. People now access our networks and data from virtually anywhere, via both managed and unmanaged devices. How can we control access, authenticate users and devices, and move from a model of implicit trust to Zero Trust and continuous risk assessment to better secure this new working environment?
Dealing with the “sprawl” of the expanded cloud:
People are using the cloud to discover tools that help them to be more productive and efficient, often prioritizing getting the job done over getting it done securely. This presents a big challenge for cybersecurity. We with the “sprawl” of the expand need new approaches to maintain visibility into and control over cloud activity by our people, including the increasing number of cloud apps and tools being used by employees, and the often fragmented, multiple repositories on the cloud now containing our data.
Taking advantage of automation and AI:
Securing the cloud across not just our own organizations but also in alignment with customers and partners is an increasingly complicated task. As this complexity grows, it becomes necessary to install more automated processes and to use AI in more places to take the burden of executing security monitoring processes away from humans, who can then shift to higher-order analytical tasks and strategic planning.
Register to watch the webinar to hear myself, Jo, Brian, and Mike bounce these ideas off each other, as well as tackling hot cloud security topics like how to handle third-party risk management, educating employees to be safer users, upskilling your team, and more.