Today’s cloud collaboration tools present a new set of security challenges, requiring companies to balance the needs of employee convenience with the risks of both outside and inside threats, whether malicious or unintentional.
We asked three CISO’s their top security strategies in today’s modern cloud-collaboration workforce.
The following are excerpts from our CISO-to-CISO interviews. You can watch the full video here.
“The cloud is completely changing how we do things. The perimeter that we know is gone. You're now working with servers that aren't yours, that you share with other people likely, and you lose a certain warm and fuzzy feeling that you're in control of it.
So, it's changed the type of roles that we need to fill. It's a lot more about code development now, secure coding. We need a lot of developers who know how to use these cloud technologies and program them successfully.
So, a lot of times you see issues and struggles between the infrastructure teams who manage the on-prem equipment, the physical servers, and between the development team who are managing the cloud. And the development team wants to go, go, go, really fast and just shoot stuff out there, because it's cool and you can spin it really quickly, which is the beauty of the cloud.
But yet you've got the on-prem team saying, hey, not so fast. We've got servers on the ground and we’ve still got to protect our physical servers.
So, there's a lot of struggles there. And the only way to get above and beyond that is to have that management guidance and issue resolution from a higher leader, to bring the two groups together and implement best security coding practices and so on to make sure secure code is being deployed and the team is as happy as well.”
“There is a data security aspect where now you have data that before, you had control over...and now is available from any device anywhere in the world because it's in the cloud.
Sure, you have access controls. But before, you relied on that separation, more so than the actual access and authorization controls, and now you don't have that anymore.
It means that you have to have good I.T. and engineering hygiene to make sure that you're authorized - giving access to these applications to the right people.
You're looking at those things like single-sign-on or multifactor. So there's a lot more to it than before.
And before you had I.T. owning the technological decisions and all your decisions for the organization. Now, in a cloud world, you can have marketing go get their own technology. You have sales getting their own technology, you have finance getting their own technology, HR as well. So, you have to now partner with those teams with the decision making coming from them, not you.
And you're only there to make sure that they're doing it effectively and securely. So it changes the responsibility model internally as well. So it's a lot of interesting challenges.”
“I think at a very core level, I'd like there to be an understanding that security is not just a problem for the security team. It's a company-wide problem.
And there needs to be ownership and responsibility distributed across the organization to make that better. And I don't think that minimizes the challenge or role of a security organization, but it shifts it subtly where I think security needs to become an enabler as opposed to a blocker whenever possible... to make security easy for people to do.
Focusing on strategies that build out foundational security controls that are easy for people to understand and consume, I think enables you to give them a little more trust and own a little more of their own world from a security perspective. And that lets your team have a more distributed impact throughout the organization.”
You can watch the full interview here.
Fill in some contact info below or schedule a meeting so we can reach out to provide more details on how Altitude Networks can protect you from data loss in the cloud.