by Bil Harmer, Zscaler CISO for the Americas
Last month I sat down with Tom Field of Information Security Media Group (ISMG) to talk about cloud security. Specifically, we talked about why there are IT leaders who, in spite of the fact that they support moving apps and services to the cloud, are still reluctant to move security.
I see a few key reasons for leaders holding out.
Security professionals have worked for years to protect on-premises assets and they’re really good at it. It’s hard to let go of something that has worked, even though the environment and user behavior have changed dramatically.
I would suspect it’s also because security has historically followed the business—it’s never been security’s place to set the direction for the company. But that, too, has changed in light of shadow IT, mobility, and cloud apps. It’s up to IT to make sure the business is productive and secure. You can’t sacrifice one for the other.
We also talked about the need for InfoSec professionals to step out of their past as technical specialists and become problem-solvers on a business level. That’s going to require all of us to understand the business—its bottom line, goals, and, of course, its acceptable levels of risk.
Download the full interview here.