Cloud adoption is soaring, attack surfaces are expanding dramatically, and security budgets are being squeezed. Security teams must urgently re-evaluate the cloud landscape in 2023, recalibrate their response to fast-evolving threats and break down the traditional siloed approach to cybersecurity once and for all.
Security leaders with experience at companies including Amplitude, BigID, DocuSign, Mailchimp, Rockwell Automation and United Airlines shared their actionable insights around cloud security.
Here are their five main takeaways:
1. Ensure security keeps pace with connectivity Whether it’s APIs or IoT technology, connectivity is getting faster and easier, but it’s also making companies more vulnerable. The panelists agreed CISOs must ensure security keeps pace with the rapid acceleration of connectivity.
Olivia Rose, former CISO at Amplitude and MailChimp, and now CEO and founder of Rose CISO Group, highlighted the dramatic increase in APIs and the corresponding need for enhanced API security to illustrate this point.
Rose along with the other panelists agreed that CISOs need to gain granular oversight of their cloud environments, including what third parties have access to them and how they are being connected. Only then will they be able to carry out a comprehensive security audit, identify areas of potential weakness and address them accordingly.
Nicole Darden Ford, CISO at Rockwell Automation, said the role of the CISO was being made even harder by the speed of change within the cloud industry. “We’re seeing three main trends right now,” she says. “The first is the dramatic increase in cloud adoption. The second is an uptick in cyberattacks and the third is the impact of the economic downturn.”
Darden Ford used the example of critical infrastructure manufacturing, which has recently experienced a period of intensive cloud adoption and increased budgetary pressures on cloud security teams industry wide. This has made the sector more vulnerable to cyber threats.
2. Identify what matters most to your company and protect it Emily Heath, former CSO at Docusign and United Airlines, says that companies should identify what they value the most and then build their cloud security strategy around it.
What is the thing that matters most, where is it, how are you protecting it, how vulnerable is it and how prepared are you for when things go wrong? If you anchor the answers to these questions to what matters most to your company, you’ll be able to prioritize where you spend the vast majority of your time.
Emily Heath
Former CSO, DocuSign and United Airlines
Heath says that this process will help CISOs and their teams focus primarily on outcomes and how they will protect their company, rather than technology.
3. Switch focus from niche challenges to improving existing tools and concentrate on the bigger picture Nimrod Vax, Co-Founder and Head of Product at BigID, says every company has a laser-like focus on costs and generating value across the organization at the moment. In this environment, savvy CISOs will look to improve existing cloud security tools in a bid to avoid duplication of effort and address issues across multiple lines of business.
“We’re seeing CISOs go out to the chief data officer and to the privacy officer to bring together a broader budget to solve a bigger problem across multiple lines of business,” says Vax. “Integration is the key – the ability to enrich, rather than replace the tools you already have. For example, you can make your data catalog better, you can improve your existing cloud security posture management solution or your Azure Synapse Analytics tool. That way you get more value out of your existing tools and everyone benefits.”
4. Align your cloud security strategy with C-suite goals. “Positioning the security function as a business enabler is critical,” says Rose. “To do this, you need to align the strategic goals of the security function with those of the board. For example, critical patch management may be really important in the security world, but it’s not something the C-suite necessarily cares about, because it is not a profit driver.”
Rose offers the following six-point strategy to align cloud security with C-suite goals:
Make sure your activities contribute to the bottom line
Reduce your internal costs
Improve internal operations
Reduce overall risk – including financial, brand, enterprise and security risk
Aid global growth
Increase customer satisfaction and lifetime customer value.
5. Ramp up collaboration in order to keep your cloud secure Heath says cross-sector collaboration is key to fighting security risks. “The world is in turmoil: there’s an economic downturn, layoffs, political unrest, and operational uncertainty,” she says. “All of this creates a playground for criminals, so we all need to be alert. The best way for us to protect ourselves and each other – on both the vendor and practitioner side – is for companies to work closer together, identify emerging trends, share intelligence and infuse this in everything we do.”
Heath says she is seeing this more frequently – companies working closer together, creating open platforms, a lot more community sharing and creating a recipe for success.
View the full CloudSec360 session now for more industry-leading insights and analysis on the biggest cloud security trends for 2023.