Have you hired any staff specifically for cloud security?

Cloud Security & GRC

Yes - one18%

Yes - multiple61%

No, but we might in the future16%

No3%

Not sure

309 PARTICIPANTS

3.4k views1 Comment

Sort by:

Group Director of Information Security in Bankinga year ago

'Cloud security' is a term which now encompasses lots of skillsets. Skillsets that now need to be considered are:
1. Securing cloud accounts / subscriptions requiring knowledge of the security and reliability pillars of 'Well Architected Frameworks'.
2. Tools that secure the boundaries of cloud accounts/subscriptions i.e. Firewalls, WAFs, Micro segmentation, CASB/CAASM etc.
3. Knowledge of security best practices for workloads and shared responsibility model for IaaS, PaaS, SaaS etc.
4. Knowledge of secure software development lifecycle (S-SDLC) if you intend to engage with active software development on the cloud platform.
While you consider hiring the staff, chances of one guy having knowledge of all of the above and more should be considered. I know I haven't answered your poll query but thought of highlighting the complexities behind hiring decisions related to 'cloud security'.

Content you might like

What cyber security metrics are CISOs of listed companies reporting to the audit committee of the supervisory board?

With AI adoption accelerating across enterprises, what do you view as the top information security challenge that leaders should address? How can CISOs, VPs and Director’s align governance, risk and security investments to enable AI innovation without creating new exposures?

Can you share any tips for new security leaders to identify blind spots in their organization? How have you approached this when starting a new role in the past?

In your organization, which team is primarily responsible for translating security frameworks (NIST, CIS, ISO, etc.) into specific enforceable cloud policies and ensuring their implementation?

CloudOps / Cloud Engineering – CloudOps team translates frameworks into policies and enforces them.

Security Architecture / Security Engineering – Security teams define and translate frameworks into policies, CloudOps just implements.75%

Governance, Risk & Compliance (GRC) – GRC owns framework translation and CloudOps just implements.25%

Other (please comment).

View Results

With the increased amount of cloud computing and the number of services available through cloud providers, do you think that in the next 10 years the world can go zero on-premise infrastructure?

Yes60%

No34%

Unsure4%

View Results

Have you hired any staff specifically for cloud security?

Sort by:

Content you might like

What cyber security metrics are CISOs of listed companies reporting to the audit committee of the supervisory board?

With AI adoption accelerating across enterprises, what do you view as the top information security challenge that leaders should address? How can CISOs, VPs and Director’s align governance, risk and security investments to enable AI innovation without creating new exposures?

Can you share any tips for new security leaders to identify blind spots in their organization? How have you approached this when starting a new role in the past?

In your organization, which team is primarily responsible for translating security frameworks (NIST, CIS, ISO, etc.) into specific enforceable cloud policies and ensuring their implementation?

With the increased amount of cloud computing and the number of services available through cloud providers, do you think that in the next 10 years the world can go zero on-premise infrastructure?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

DevSecOps: Strategies, Organizational Benefits and Challenges

Green Cloud Computing

Omnicloud: The Future of Cloud Computing?

How are U.S. CISOs Addressing Liability Risk?

Take Your Insights On-the-Go