As enterprises jump to the cloud, they may think that it’s going to be business as usual. However, paradigms, architectures, and strategies that may have worked on-premises may not work as planned in the cloud, explained Jim Reavis (@CloudSA), CEO of Cloud Security Alliance (CSA), in our conversation at the 2016 Black Hat conference in Las Vegas.
Enterprises know that a mature security provider will probably do security better than they will. At the same time, each cloud provider deals with both customers and SaaS tools, which introduces many questions, said Reavis, such as:
- How do we get uniform compliance to our policies?
- How do we get visibility on what the cloud providers are doing?
- How do we get more transparency and sharing from cloud providers?
- How do we get our own staff to level up their skill sets?
The ultimate goal for enterprises, said Reavis, is to get “one enterprise that is present on a thousand different cloud services in a very uniform and consistent way.”
The success of this depends on the reemergence of the security industry as an intermediary between the cloud providers and the enterprises. The security team is not there to hinder advancement, but rather to provide synergy to get a “one plus one equals three” type of benefit, said Reavis.
“When you have a secure mature enterprise and you have a very secure mature cloud provider the idea is that should be an even more secure relationship,” said Reavis.
Unfortunately, that is not happening in many areas, such as sharing keys and visibility of cloud log files. But that’s why Reavis and the CSA are fighting the good fight, and he’s very supportive of what CloudPassage is doing towards building standards.