Google’s Office of the CISO Points the Way Towards Scaling Security

Amazon’s, Google’s and Microsoft’s experiences with building massive infrastructures for the world allow for some fascinating insights into the future of IT security at scale. As a result, when Google published The CISO’s Guide to Cloud Security Transformation earlier this year, I was curious about what priorities they saw in cloud security. It’s a short read, and it’s well worth the time invested in downloading a copy. I want to share my observations on some of the most interesting points that align with my own experiences and thinking.

Cultures of Security

The six core “cultures” are categorized to succinctly capture several important perspectives on security: Security by Default, Responsibility, Awareness, Inevitability, Review and Sustainability. In the mode of traditional security thinking, concepts such as responsibility, awareness and review are very well known and understood, but the ideas of Security by Default and Inevitability offer an almost nihilistic view that too few in the sector have embraced.

The idea that you have to act with security in mind all the time yet still expect it to fail sometimes is something that requires acknowledgment in the same way we approach health and safety in the “real world.” For instance, we build mechanisms to provide safety at all times whilst still including additional methods of reducing the negative effects when something does go wrong. As a more concrete example, we have long accepted the idea that we should have fire-resistant a ..
