No, It’s Not Just You: Enterprise Security Really is Hard.

No, It’s Not Just You: Enterprise Security Really is Hard.

There is a reason why cloud security is always a first concern in enterprise cloud adoption, and it’s not only because companies don’t want to see their names in the news. As Bill Shinn, senior consultant for AWS Professional Services pointed out, cloud security is the first issue to emerge because enterprise security is just plain hard. It requires a huge amount of planning and processes.

When was the last time you heard a security admin say, after a security audit with regulators or internal auditors, “Wow, that was great! I can’t wait for the next one!”

Probably not often. That’s because enterprise security is complex, said Shinn, who spoke at the AWS Summit in San Francisco. As with so many other things: The technology isn’t as much of a barrier as is cultural change. When security is done with traditional processes, safeguarding data can be a bottleneck. And as we know all too well: It’s human nature to go around a bottleneck.

Shinn described AWS’s customers’ expectations: for the company to be more prescriptive, beyond its technical architecture. As he said, AWS customers and partners also want it to adapt to organizational behaviors. Enterprises want AWS to help it evolve security programs, leadership styles, and processes so that they can take advantage of the cloud. His technical session went beyond technology, including also how modern security organizations have evolved their key security processes, using cloud services to become faster-moving and become far more secure.

Enterprise security is a complex undertaking, with big budgets and large departments with a significant commitments to resources. And that is without mention of the threat landscape and the increasing sophistication of attacks. Add to that the ever-changing regulatory environment, particularly as companies expand businesses globally with different security and privacy regulations.

“Security is hard today because enterprises don’t have the ability to detect unwanted change and course-correct in an iterative, low risk way that reduces the impact of failure,” Shinn said.

Shinn went over numerous AWS services (including CloudTrail AWS Config and CloudWatch Logs) that enable users to change and course-correct these changes with minimal risk. Doing so significantly reduces the amount of planning and processes traditionally involved with security changes, he said, thereby making security faster while keeping corporate data safe.

Shinn stressed that security should move fast; it has to. “The attackers move fast and you have to keep up. Security should be the thing that moves the fastest in an organization, so that you can respond and get ahead of risk.”

Manny Lopez

Manny Lopez is a Druva Product Marketing Manager. He has more than 15 years experience in market research, focused primarily in the areas of competitive analysis. Manny has a diverse background: Most recently he was at Accellion, where he took the lead on building and executing on it competitive analysis program. Previously, Manny was with Cohn & Wolfe, a PR agency, where he focused on competitive intelligence gathering and synthesizing for their top clients sales and executive teams. His deep background in market research spans many years, including being a research analyst with analyst house IDC, based in their Hong Kong and Beijing offices.

In his free time, Manny can be found at any number of playgrounds surrounding the Lamorinda area with his two kids (ages 6 and 5) and his wife. He also enjoys working-out (especially running and mountain biking) and sneaking out of the Druva office to hit the gym.


Leave a reply

Your email address will not be published. Required fields are marked *