How many times have you explained defense-in-depth?
Now that we're moving to the cloud at a faster pace, how is your analogy holding up? In the process, how is your thinking?
As I've written about before, migration to the cloud is happening. Security leaders have a choice. We can lead the way or get left behind. When we embrace the potential, it turns out the cloud acts as a forcing function to help drive change.
Turns out it also helps remove constraints and shift thinking. That's the thrust of what Brian Ahern and I recently talked about.
Brian (LinkedIn) is the Chairman and CEO of Threat Stack (@threatstack). A seasoned technology executive with nearly two decades of experience, Brian is passionate about disruption. He joined Threat Stack in 2015 from Industrial Defender where he was Founder and CEO, and which he saw through a successful acquisition by Lockheed Martin in April 2014.
Our conversation was energetic and inspiring. Brian laid out compelling ways security leaders can engage executives and use the cloud to improve security and bolster their leadership.
Here are my five questions with Brian Ahern:
Talk about the change in the constraints and why that is important
Today's organizations have become atrophied after several decades of building transitional security strategies where "protecting the perimeter and network intrusion detection" took priority over gaining deep insights into application and data environments to better understand and monitor how applications and data can, and does, become compromised. Now - in the era of the cloud - these organizations are being forced to quickly change their way of thinking when it comes to security. With a move to the cloud, the physical constraints of IT scaling to support business growth are gone. But, a new constraint emerges: how to think about the cloud in the context of security. Organizations must understand the need to rethink approaches to IT security when transitioning from traditional on premise to cloud infrastructure. To simply apply on-premise security technology to the cloud is a recipe for disaster. Cobbling together point solutions results in a fragmented security approach that, due to the nature of the cloud, simply yields an inadequate security strategy. Companies need to forget what they did before, step back, and really work to understand the nature of the cloud first and why the traditional "perimeter and networks" no longer exists.
A key shift in thinking about the cloud is defense-in-depth. How does this work without a customer managed perimeters and networks?
This is the area that excited me the most about joining Threat Stack; that we were fundamentally changing the approach to security when it comes to the cloud versus the traditional on-premise security space of the last several decades.
Sign up for Computerworld eNewsletters.