What’s the #1 focus of your cloud security strategy?
Sort By:
Oldest
Sr. Director of Enterprise Security in Software3 years ago
Best practice is one of the main areas I'm still focused on. I had to call out bad practices in our own internal process like, "This didn't hit us but here's a bad practice. Here's how we should have done this." It’s reinforcing what a best practice should be. Because I can buy AI all day long and it'll theoretically do some amazing things, but it doesn't help at all if I'm still embedding API keys in source code or something.
That's not the answer that people like to hear because it's not sexy, it’s boring—there's no AI or ML mentioned. But there's an opportunity right now to get that to the baseline. After that, when you have it, then you can then leverage technology to be the force multiplier. What I don't want happening right now is that people put AI/ML on a crappy foundation. That will just keep telling you that you have a crappy system over and over again. I don't need a notification every day telling me something's bad if I already know it's bad. But that's where people are wasting a lot of time.
So where’s the balance? I think it will be a scale of maturity. You protect your infrastructure, identity, boundaries, and you make sure those are all well connected. From a cyber perspective, you have tight control over what goes in and out of those parameters. And then you can start worrying about some of the loopholes that all these cloud apps are creating in terms of bypassing those boundaries.