• United States



Vice President, Intel Security Group

It’s a Quarter-past Cloud, Do You Know Where Your Data Is?

Nov 08, 20164 mins

Cloud adoption is not something in our future—it’s today’s reality. Recently, Intel Security, like many other enterprise organizations, implemented a “cloud first” policy. That is, we prioritize on cloud-focused architectures for our solution development and business to ensure we meet the scalability and agility requirements of both the public cloud and private cloud data centers. And we aren’t the only ones. According to the latest SANS survey, “Security and Accountability in the Cloud Data Center,” almost a quarter of respondents (24%) are in organizations adopting a “cloud first” strategy. The shift to the cloud is on, and moving at lightning speed. Leveraging the cloud is essential for organizations to keep up with business demands and stay competitive.

Vanishing Perimeter Erodes Defense

In the past we had centralized IT, where it was easy to draw a line around the boundary of the organization and rely on perimeter security to keep the organization safe. With highly mobile and cloud-savvy end users dominating your workforce and your lines of business dependent on cloud-based applications, the network perimeter has become permeable. Now, it is nearly impossible to draw a tidy line around where your organization ends and the internet begins. 

The erosion of the network perimeter, coupled with end-user access to cloud applications and compute, has resulted in today’s decentralized reality. In a perimeterless environment, the speed at which data can move from a device to the cloud, and the many paths that it can take, make it extremely difficult for security professionals to maintain visibility and control of corporate data. 

Cloud Security

According to the latest SANS research, most organizations believe the agility and flexibility of cloud-delivered services outweigh the perceived loss of visibility and control. Seventy percent of respondents’ organizations use public cloud computing services despite long-standing fears about information security and the lack of visibility into cloud provider security controls.1 

Among other notable findings from the SANS study, 48% of respondents store employee data in the public cloud, and 24% store customer financial information even though 62% find unauthorized access by outsiders and cloud tenants (chosen by 59%) to be their biggest security concerns related to cloud application use.  

Cloud Security Requirements

The evolution to cloud has brought to us faster line-of-business provisioning, elastic scaling, as well as portability and fluid cost models. We find ourselves in a digital landscape that is much more agile and elastic than our current security solutions were built to address. 

It is imperative that cloud security solutions deliver these three requirements:

  1. Monitor what is happening in the cloud. Determine what new workloads have been spun-up and if they are secure. See and control east-west traffic and provision security automatically as needed.
  2. Provide visibility of Shadow IT. Automatically apply data security and malware protections to discovered SaaS applications and sensitive data in the public cloud. Discovery is only part of the solution. Obtaining visibility of SaaS application and AWS workload usage in your organization is important, but don’t stop there. Data protection and malware detection are needed for your public cloud instances, to ensure sensitive data is secured and your resources are monitored for a breach or an attack.
  3. Unify private, public, and hybrid security in one management and communications platform. A new approach is needed for integrated, automated, and orchestrated security. This is the only way to ensure that security in, to, and from the cloud is as simple, economical, and secure as any other cloud-enabled service.

Most firms adopting the cloud are adjusting their security programs to ensure a secure transition. They are also partnering with security vendors that recognize that cloud may require changes in the solutions they bring to market. 

Moving to the cloud is inevitable. Moving to the cloud securely is imperative. You need a new generation of security and privacy technology to enable cloud-driven business, and that is why you require a security partner that is committed to building “cloud first” solutions.


1 “Security and Accountability in the Cloud Data Center: A SANS Survey,” October 2016

Vice President, Intel Security Group

Candace Worley is a senior technology executive and recognized thought leader in the endpoint security industry. For the past 20+ years, she has developed and delivered successful enterprise software solutions resulting in notable market growth and new revenue streams for global companies. As Sr. Vice President and General Manager for McAfee Enterprise Endpoint Security (recently branded Intel Security) Candace built her reputation as a respected business leader; known for her predictive insights, strategic vision and ability to execute. Initially joining McAfee as a product manager in 2000, she advanced rapidly within the company, and by 2010, was appointed Sr. Vice President and General Manager. She is currently Vice President of Enterprise Solutions Marketing responsible for go-to-market strategy and alternate routes to market, global enterprise messaging, solutions pricing and packaging, technical marketing, pricing and licensing strategy, and competitive intelligence across the ISecG corporate products portfolio. As a member of the senior leadership team at Intel Security, Candace plays a key role as a solution and corporate spokesperson with customers, analysts and press. Candace holds a Masters of Business Administration from Marylhurst College in Oregon and a Bachelor of Science in Management from Oregon State University. Candace currently resides in Oregon. She spends her free time gardening, cooking and traveling.

More from this author