Cloud data security requires rethinking the approach to the problem given that either no team is responsible for it or every team is, and the supporting security tools don’t consider the collaboration between the data owner(s), security, and compliance teams.
Securing data in the cloud is a lofty task for sure, but there are industry leaders like Ashish Rajan, CISO, and host of Cloud Security Podcast, who are advancing the conversation daily.
Read the insights from Ashish during a discussion with Dasera’s April Mitchell, VP of Engineering and Operations, and join the conversation around transforming data security in the cloud.
We have a human problem; a new toy or technology doesn't change our behavior or habits.
The whole idea around cloud was an abstraction of owning a data center. We realized it was cheaper and more efficient to move to the cloud. So, we’ve upgraded the way we handle data, but we haven't upgraded ourselves.
It's grey - we have not had a lot of conversation around data security in the cloud, specifically. We talk about compliance and policy because there are a lot of legal requirements, like GDPR and other privacy laws. By nature, people assume that you’re covered if you have your Legal, Privacy and Compliance departments all working together.
In reality, if you think about how the budget is allocated; there is no separate budget allocated for data security. In my previous roles and from talking to CISOs at other organizations, there’s no budget for data security because it’s not looked at as a challenge to solve. This is an area for education.
A Thought Exercise for CISOs from Asish
People make risk profiles based on the money generated from applications instead of understanding the type of data that the application has. Next time there is a breach, think about it from the perspective of:
“Is my risk profile based on the data that the [vulnerable] application has?”
OR
“Is my risk profile based on if this application makes us money or not?”
Watch the 24-minute interview for Ashish’s insights here.
Learn more about Dasera.
Subscribe to the Cloud Security Podcast.