The group focused primarily on data protection and how it impacts their work environments. Many in the group have been looking at data protection initiatives over the past year and determining what methods would best improve them. One group member has been making use of a new cybersecurity dashboard to help communicate data and security initiatives to their board. Some company boards are still very hesitant about storing customer credit card data in case a breach ever occurs, and the number of execs who seem to be moving away from storing that kind of data anywhere is growing. The group was composed of executives from a variety of verticals, and all of them had different concerns about the flow of data. They discussed the challenges of early PCI compliance and also talked about the shift to data protection in the cloud. Concerns about the nature of cloud-based threats came up, primarily around discerning what the biggest threat is. Is it an insider threat? Is it an insider with privileged access? Is it an outsider threat, like a vendor, who has some access to your system or could have been hacked themselves? This moved the discussion to the importance of Identity and Access Management solutions and how each group member has had to apply or reassess their approach to IAM in cloud environments.
The group also discussed their concerns about the nature of cloud vendor security. While many of these cloud providers will provide documentation saying they’ll protect the data housed on their system, at the end of the day, most of the execs felt that just having that written on a piece of paper doesn’t really guarantee much. There were also concerns about some cloud providers not really being transparent about how they apply security to their storage methods. One exec shared an experience where a cloud provider they were using likened its service more to an ISP and refused to go into detail about how that exec’s data was being secured on its cloud servers. The group also found that many of the vendors are a few months away from being able to support effective cloud security solutions.