Welcome to the CISO Executive Network!
Please log in using the form to the right.
If you do not having a username and password, please take a moment to fill out our contact form to be considered for registration.
What CSO Breakfast Club Members are Saying About the CLOUD
This past week we wrapped up breakfast sessions in Baltimore and DC. Our members seem to have a strong opinion about the cloud. Given that most of our members are CISOs from rather large enterprises, they expressed reluctance to move much into the cloud until security is better defined.
A common theme among our members in Baltimore and DC was the lack of visibility into the cloud. One of our members, a senior security executive with a very large carrier that provides cloud services, made a profound statement. He said "If you want the cost savings of public cloud, then don't ask to hug your server and know where your data is at all times. Its not practical."
I agree with him. One of the clear benefits of moving to the public cloud is cost savings. The comes from using a standard set of infrastructure and applications. Once you start mucking with the standard configuration and begin asking for special controls and greater visibility and even the ability to "touch" your own servers and data, then you begin to degrade your cost savings. It becomes more of a private cloud.
Discussion and debate in both chapters, this past week, was spirited. Most of members feel very strongly, one way or the other.
Our speakers represented our Platinum Partner, Solutionary and one of our Silver Partners, Sourcefire. Pamela Fusco, a veteran information security professional and former CISO herself, gave an impassioned presentation showing that migration to the cloud is nearly inevitable. Pamela used to industry figures that showed SMB entities are moving to the cloud in large numbers. Pamela's explanation was that for SMBs, cloud services are likely to improved over what they can do themselves. Even as it pertains to security. Pamela reasoned that larger entities are moving there more cautiously, but, with the greater adoption of Cloud Security Alliance standards larger entities should be more comfortable.
Richard Park of Sourcefire focused his talk on how to gain greater visibility into the cloud, especially when the cloud uses virtualization (which most do). He shared some best practices and made it clear that its not all technology, but processes are vitial to good security in virtual cloud environments.
Look for more from me here in the blog over the next 2 weeks as we take this dicsusison on the road to Pittsburgh and Philadelphia next week and Boston and NY the following week. Jump in on the discussion and let me know what you think.