How the Cloud improves security for everyone

Reflecting on the insights and discussions of the Leading Security Change series reveals a clear benefit of moving to the cloud that improves security for everyone

Do you trust the Cloud?

Most security audiences I ask do not. They believe the cloud (defined anyway you like) results in less control, less security. At the same time, companies are accelerating adoption of cloud-based solutions. Considered obstacles, security leaders get left out of the process.

What if “the cloud” improves security for everyone?

At first, I saw potential for cloud solutions to increase security for small companies. Organizations with no or limited security staff. Now I embrace the potential of cloud solutions to improve security for every organization.

Even better?

The Cloud acts as a “forcing function” that improves security for everyone. Even those who don't use it.... yet.

A moment to reflect on the Leading Security Change Panel

To close the discussion, each panelist shared the "one thing" that stood out to them.

I invite you to do the same. Absorb and reflect on the pieces of the series, including:

For you, what stands out? What connected with your situation and experience? What are you doing as a result?

Three highlights from the panel discussion

In a series loaded with practical experience, many things stood out. Here are three worthy of consideration:

  • Better specialization creates the ability to improve security

  • Offload tasks to free up time and energy to focus on areas of higher value

  • The cloud is a forcing function that improves security for everyone

To distill to the "one thing," for me, it's the power of the cloud as a forcing function. It is how cloud improves security across the board. Everyone benefits.

The power of cloud as a forcing function

forcing function is “any task, activity or event that forces you to take action and produce a result.”

People want cloud solutions. Consumers and businesses alike see and experience the benefits. Sometimes the flexibility and ease of cloud solutions is a double-edged sword. Especially for security leaders. Instead of working to block or bottle neck the effort, embrace it.

If you impede the progress, you get ignored.

Progress? Migrating to cloud solutions forces us to think and act different. That’s needed. And it’s good. Embrace the opportunity to pivot to think about function. Focus on outcomes.

Start by asking my favorite question: “What’s the problem we’re trying to solve?”

The process of discovering the real problem often reveals opportunity. For most, this is the chance to improve security while helping advance the business. Solutions we've struggled with are now essential to the success of adopting the cloud.

Security enables the transformation people seek.

The security benefits of the cloud as a forcing function

There are at least three distinct benefits to the adoption of the cloud in how it forces us to adapt and improve:

  • Translating technical experience and jargon into functional understanding creates better solutions

  • Vendors embrace specialization and cooperation with each other to the benefit of their clients

  • New techniques and methods developed in the cloud get incorporated into existing (non-cloud) solutions

Hailed for the ability to disrupt and improve business, the cloud benefits security, too.

It is time for security leaders to embrace cloud solutions

Whether resistance is futile or not, cloud-based solutions are driving security change. While the method is different, this is the change we wanted.

It’s the change we need. We're just getting started.

The purpose of Leading Security Change is to reframe and introduce the topic as a solution. The research and discussions around cloud give me more to share. Look for updates in my regular column on Translating Security Value.

Share your experiences and insights. Ask me your questions. I’ll work to get answers and amplify the good™ that we might all lead security change.

Next time I ask a group of security leaders if they trust the cloud, I’d like to see more nodding heads and hands in the air.

Better is when some explain how it helped them improve security. Is that you?

Join the CSO newsletter!

Error: Please check your email address.

Tags cloud computing

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Santarcangelo

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place