For non-technical people, the Cloud sounds like magic. “Don’t worry, we’re migrating everything to other people’s servers” just doesn’t have the same persuasive impact.
I would not be the first person to wonder if “the Cloud” leads some people to take less care about security than they otherwise would.
But I don’t think any of us need to wonder.
In a recent post, we discussed how an attitude of “if it’s in the Cloud, someone else is taking care of it” may permeate corporate cultures. At least, we might assume that attitude exists outside the CISO and their team.
The People Problem In Cybersecurity
Recently, we saw news about an employee who caused massive damage by destroying his former employer’s AWS servers. That report exemplifies the type of cybersecurity story that comes out on a near-daily basis, albeit with both more malice and more justice than usual.
The cybersecurity professionals I know feel that the weakest link lies in the behavior of employees and users. Fully addressing that remains a serious issue across all companies, regardless of size or industry.
The People-Who-Think-The-Cloud-Will-Save-Us Problem In Cybersecurity
But what about non-technical executives who decide budgets? They too can be part of the people problem.
An attitude of “if it’s in the Cloud then someone else is handling security, disaster recovery, etc.” may create more exposure than negligent users ever could. Leadership decisions and attitudes cascade down and become company culture.
What Is A Cybersecurity Professional To Do? Improve Security And Get More Data
Structural issues around executive beliefs, corporate culture, and how cloud vendor relationships are handled complicate the job of any CISO.
Sometimes, data can provide a new approach to the conversation. Most of the time, stats around cloud software surprise everyone, including CIOs. If you bring that surprising data to the table, it can provide leverage when trying to steer security culture in a new direction.
Here are some things you may discover with Alpin:
- Which cloud software requires risky permissions or contains private information.
- All apps that employees use.
- User activity inside those apps.
- The compliance status of apps.
Getting to know your landscape is a great foundation to improve security and justify changes in policies, procedures, or approaches. Data can start a conversation.
If you’re looking to get more serious about SaaS management, we have over a dozen ways to discover which apps are present in your environment, along with the tools to evaluate their security and compliance. Contact us for a 15-minute demo: firstname.lastname@example.org.