19 NOVEMBER 2025

Python, for example. You need expertise in understanding and choosing the industry-standard security control benchmarks to make adjustments and implement with quality.

It also comes down to the management of the cloud. We will see a better adoption and acceptance once fundamental knowledge of what security services can do for all the areas is better understood. In particular, we will need to better educate executives and managers with an approach rather than the technical details of how the DevSecOps model works with respect to their existing enterprise silos. It is a shared responsibility between the cloud provider and the enterprise to accommodate and implement the model. Do not try and change the whole corporation at once; pick a couple of projects that have some visibility, employ some creative and determined problem solvers - and continuously improve every day to role-model the behaviors of shift left security.

Can you shed light on some of the reasons why cloud adoption has increased after COVID-19?

There are several reasons and aspects surrounding the rise of cloud adoption, thanks to the hardships and changes in reality from the pandemic.

For one, executives had to rethink how their resources could accomplish their tasks remotely, which the cloud solves natively. And customers shifted their expectations, some to their dismay, when companies could not meet their demands. And then held onto the brighter expectations from those companies that were nimble enough to pivot on the fly into the cloud. But those companies could not have succeeded without a dramatic change in their mindset, approach, and culture. As they began investigating cloud technologies, their concern for their goals for cybersecurity also increased.
But as the "shared-trust model" was demonstrated to be as secure or even more secure than their existing ecosystem - organizations began investing in the cloud, and it snowballed from there.

However, the effectiveness of their people using the new platform was a gap, where they still needed to learn how to properly design, test, implement and operate within the new "shared-trust model." But with great partnership from the platform vendors, including hands-on training where resources could learn at their speed (Think: FAST and OFTEN), cloud computing acceptance gained momentum. Senior management began to become familiar with the risk/reward of moving into the cloud and chartered the teams to build comprehensive programs to grow out hybrid, cross-platform interoperability. As enterprises matured, so did their understanding of the evolving cyber threats, so they could implement their defence-in-depth strategy and ensure that their threat detection and response are optimized and continuously improving while meeting their appetite for risk.

Having said that, the cloud providers have been continuously improving their security policies for compliance and for monitoring or managing customer data to help with Gramm-Leach-Bliley Act (GLBA), California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), PCI and other notoriously stringent regulations. Another silver lining of the accelerated cloud adoption after COVID-19.

What would be your piece of advice to your peers or the leaders in the cloud security space today?

Take the time to research the best practices of related technologies before jumping into the deep end. Take the time to evaluate proof-of-concept/proof-of-value projects. Most vendors will openly partner with you to try their services for free if you can show a favorable need. Allow multiple avenues of training.
THINK: self-study with hands-on training, remote workshops, time for networking and peer-sharing events both in-person and remote, anything atop of the traditional instructor-led classroom (Bueller, anyone?) to incorporate the basic and advanced concepts into different areas of your business. This reduces the problem of getting answers and managing teams that need solutions faster than waiting for the teacher to show up and hope to gain wisdom. If you are hiring a consultant, understand that they will not have all the answers. I would recommend that the resource, and especially leadership, attend at least one virtual conference a month, if not more, in multi-domain and in multi-sector conferences to get their perspective, which will help shift policies and standards into current best-known practices. It is nothing new to you that ransomware, phishing, and malware incidents are increasing the rate of security breaches at a mind-numbing rate. Cloud computing added AI is a requirement for large corporations to reduce the risk and elevate the correct anomalies that are true risks. Even more troublesome, the hacking successes are, in a sense, the large result of human error. Education and awareness are essential to combat cybercriminal activity and prevent security breaches. And since the bad actors are always evolving, using cloud technologies will help you shift security left and continuously improve your security posture (if done right) easier than on-premises solutions. Don't try and change the whole corporation at once; pick a couple of projects that have some visibility, employ some creative and determined problem solvers - and continuously improve every day to role-model the behaviors while shifting security LEFT.

This article is based on an interview with CIOReview and Mark Gordon.