The support security leaders need for better cloud security

Timothy De Block points out an obvious, but often overlooked, key to getting better security from the cloud

cso executive ignore overlook

How are your efforts to align with the business and migrate to the cloud going? What role is security playing?

Many security leaders are struggling to find the path to a more secure cloud. That's why it was the first topic in the Leading Security Change series.

Consumed with addressing the concerns, have you overlooked a key element of your success? Your team.

An insight courtesy of  Timothy De Block (LinkedIn, Twitter), co-founder of ColaSec.  “We focus on getting executive buy-in. But what about the security team? Without buy-in from them cloud implementation becomes a much more difficult process.“

He’s right.

Often we overlook our team in the pursuit of business alignment. We just expect they’ll come along for the ride. We expect them to just follow our lead.

We need their buy-in. It is the key to championing a more secure cloud across the organization. It leads to better solutions that improve how we protect systems and information.

The evolving relationship between security and the cloud

As De Block explains, “ask someone in security about the cloud and note the hesitation. Some are starting to see the benefits of cloud, but most remain skeptical. A lot of that has to do with trusting another entity to do the job. Job security and handing over responsibilities is another concern. A diminished role has the perception of the eventual elimination of that role.”

Security leaders are under pressure. As executives signal a move to the cloud, they can lead, react, or get cut out of the process. That pressure and decision impacts the team, too.

The downside of a disengaged team

What happens when the team doesn't see the benefit of the cloud?

According to De Block, it starts a cascade of events. “A security team without buy in has no motivation to see adoption succeed. That's not to say that a team member would sabotage a project, but mistakes are more likely.”

It’s natural.

Most security teams have more work than time. When they aren’t supportive of the cloud migration, it becomes a secondary focus. The attitude reflects in their discussions and the meetings they attend. Requests for reviews get delayed in favor of more interesting, more pressing efforts.

The friction created by the security team is often expected. And handled in a predictable way. Labeled a roadblock preventing process, the security team gets cut out of the process. No more invites to meetings. Decisions made without security input.

Security leaders no longer get judged based on their individual efforts. The experience others have with the team impacts how others perceive the security leader.

This isn't what security wants.

The security team actually wants what everyone else wants

De Block is quick to point out “the security team wants what everyone in the organization wants. They seek inclusion in the decision making process. To make valuable contributions to the organization, and to enjoy those contributions.”

Most security practitioners are passionate, clever, and curious. How are you tapping into that opportunity?

A benefit of the cloud is the “forcing function” -- improving security for everyone. Is your team encouraged to explore those options? Are they experiencing the upside of the cloud? Do they get to experiment and test as part of their responsibilities?

As De Block explains, “the result of that freedom is how they explore cloud technology on their own. This leads to a better understanding of the technology. The benefits, weaknesses, and even creative solutions to difficult problems.”

Unleash your team to learn and solve problems. Learn from their experience. Let them bring that positive attitude and experience to meetings. Earn the recognition as problem solvers and accelerators of the process.

Instead of shunning security, people start inviting them to more meetings.

Enable the business by enabling your team first

The cloud is changing the way we do business. It’s challenging the way we secure our systems and information. How are you serving the needs of your team on this journey?

Let people voice their concerns. Celebrate solutions. Figure out how to use the power of cloud solutions to benefit the team. Maybe it’s a way to outsource important functions. Or automate important tasks. Show how it frees up time and energy. Focus on higher value efforts as a result.

De Block sees some extra benefits to empowering the team, too. “Let them see that the cloud not only benefits the business, but also benefits them. We are all aware of the information security and skills shortage. The cloud is a good solution for overcoming some of those challenges.”

Check out the roadmap and insights shared in Leading Security Change: The Way to a Secure Cloud. Use it as a conversation starter with your team. Then bring the conversation to others. Work together to get them what they want -- with better protections.

Your team is the key to better business alignment. As they interface with other teams, they make better security possible. Feed their needs and everyone wins.

New! Download the State of Cybercrime 2017 report