This year we’ve seen a number of security breeches caused by the one thing CSOs and CSIOs can’t control; human negligence. In this article we sat down with Gil Zimmerman, CEO and co-founder of CloudLock about how to put in place security policies that are both effective and that staff will follow.
It’s all about educating end-users on appropriate sharing, collaborating and working in cloud applications in general. Since your users are already in the cloud, sharing, collaborating and working, CISOs and security professionals in general have to be vigilant about visibility.
Add that the world is multi-cloud and users, accounts and data span all of these cloud applications, your security team is running blind without visibility into all of them. As a cloud security company, we talk about the differences between traditional on-premises security and cloud security.
Implementing acceptable use policies as you would on premises is paramount but taking that one step further to automate the process and leverage people-centric security, where your users are involved in the process, takes your security program to the next level. Education becomes action. That is how CISOs can and should approach addressing the human factor in 2015.
Incidents like these aren’t going to go away. Any breach or vulnerability is damaging, no matter how small because it proves that something was unprotected. There was a way in, so someone wasn’t doing his or her job.
But often even more incidents, the ones you don’t always hear about, are caused by employees inadvertently exposing corporate assets. Those are the most damaging and can be minimised through educating employees on how to use applications appropriately.
Cloud Security. The growth rate for cloud adoption is increasing exponentially.
Last year organizations focused on the cost-benefit analysis and generally deciding whether to move to the cloud but what they didn’t realize at the time was that their users were already moving there and taking the organization’s assets with them.
The year 2015 will be when organizations come to terms with the fact IT no longer gets to decide what applications and software users are installing; they’re already there. They’re already working in the cloud and corporate assets are already outside the visibility of the security team. What they need to focus on is finding security solutions that provide their teams with the visibility needed across multiple clouds. That’s why cloud security will be the gamechanger in 2015.