Native Cloud Security Controls Still “Not Good Enough”
Security has slowly embraced adoption of the cloud, but cloud security native tools are still not good enough.
In a roundtable discussion on exploring the cybersecurity threats faced by CISOs in enterprise and hybrid cloud environments, the subject of cloud security was outlined with regards to what is being done well, and what is being done badly.
Dr Ronald Layton, vice-president of converged security operations at Sallie Mae, said, in government, the use of cloud is prominent as a business case, but in the private sector “it makes business sense” as it can be customized for specific needs.
Joe Sullivan, chief security officer of CloudFlare, said security teams are often “dragged along when business leaders look at cost and opportunity and ability to focus on priorities of business and user experience” when it comes the cloud. However, they do not look at infrastructure, and when security teams look at the cloud, they see risk.
“Go to any large security conference and talk to security leaders, and they will say they have not moved to the cloud as they are uncomfortable with cloud products and resistant to what their company is doing,” he said.
Sullivan added that he felt security had “come around in the last couple of years, but security teams need to get with the program and appreciate risks and be involved and not be dragged along.”
John Kindervag, field CTO for P ..