The Inner Circle

  • 1.  Security is a complexity problem and cloud governance is the solution.

    Posted Oct 21, 2021 03:16:00 PM
    Stop complicating cloud security
    Security has always been complex, but the speed and volume of the cloud have made it exponentially more so. To deal with this complexity, organizations typically break down security challenges into multiple pieces... hire more developers... deploy piecemeal solutions...


    Hello. We're just ramping up on Inner Circle, and I thought I'd start by sharing a message we're thinking a lot about at Secberus. Full transparency here: we sell a SaaS Cloud Governance Platform. As we build, adapt, and shape this platform, we are constantly thinking of ways to educate, learn, share and help security leaders tackle security with a business-first approach. The link I shared sheds light on why and how we think enterprise orgs can do this. Basically it boils down to:

    - Security is a complexity problem.
    - The solution to this complexity is Cloud Governance.
    - Cloud Governance is a combination of policy (including policy-as-code) and perspective (context + visibility).
    - Cloud Governance leads to business acceleration. (We share five ways it does this.)

    We welcome thoughts and a dialogue on whether you agree with our rationale on why cloud governance is important, the structure of our cloud governance framework and the value it brings.

    If you don't have time to scroll the landing page (it takes about 10 minutes to read), the key messages for discussion include:
    • Security is a complexity problem. The solution to complexity is governance. And the problem to be solved is how security teams can confidently make the right decisions in an environment of constant uncertainty while also accelerating the business rather than slowing it down.
    • A governance strategy adds two elements to security posture management that elevate it from 'management' to 'governance': policy and perspective.
    • Everyone in the organization has a stake in security, but not the same stake. Too much information, or information presented the wrong way, is as bad as no information. Everyone in the organization needs visibility that matches their context.
    • Implementing a security governance strategy makes your business more agile.



        ------------------------------
        Karen Morad
        Head of marketing
        Secberus
        ------------------------------


      • 2.  RE: Security is a complexity problem and cloud governance is the solution.

        Posted Oct 22, 2021 07:20:00 AM
        Thanks for this, Karen.

        I wrote a couple of blogs on this issue. They are both here:

        CSA STAR – The Answer to Less Complexity and Higher Level of Compliance
        John A DiMaria; CSSBB, AMBCI, HISP, MHISP, CERP
        Assurance Investigatory Fellow
        Cloud Security Alliance
        m:+1 314 374-9752





        This e-mail account is used only for work-related purposes; it is not guaranteed that any correspondence sent to this address will be read by the addressee only, as it may be necessary, under certain circumstances, for third parties appointed by the Cloud Security Alliance to access this e-mail account. Please do not send any messages of a personal nature to this address.





      • 3.  RE: Security is a complexity problem and cloud governance is the solution.

        Posted Oct 22, 2021 07:47:00 AM
        Oh this is great. I will check these out. Thank you.






      • 4.  RE: Security is a complexity problem and cloud governance is the solution.

        Posted Oct 25, 2021 07:31:00 AM
        Thanks again for these articles, John. From the first one, I believe you're saying fragmentation (and not looking at your security system) leads to complexity and therefore all of the things you outlined so well (inefficiency, ineffectiveness, etc.). But what role do you think Governance has in solving this complexity? I think we are operating with like minds. I'm not fully aware of all that the CSA offers regarding the STAR registry and the CCM, but it seems like that points you towards a business-first, context-rich approach (just as we outlined in our Stop Complicating Cloud Security asset).

        And for the second article, would you suggest that all companies (in and outside of CSA) be a part of the STAR Registry? I'll review V4 of the CCM, but curious to hear more about this from you as well.

        Thank you!
        Karen

        ------------------------------
        Karen Morad
        Head of marketing
        Secberus
        ------------------------------



      • 5.  RE: Security is a complexity problem and cloud governance is the solution.

        Posted Oct 25, 2021 08:02:00 AM
        Hi Karen:

        When I discuss "poor data governance and inadequate planning" I am in fact alluding to the issue of poor governance.
        Certainly, this means understanding the context of your organization and identifying all interested parties as well as inputs/outputs and expected outcomes.

        Absolutely, I would suggest/recommend that all companies (in and outside of CSA) be a part of the STAR Registry. Why?
        To quote one of our members:

        "First and foremost, publishing your security posture does not mean sharing your entire catalogue of risk controls down to the wire for anyone to see. It typically consists of a list of industry-leading standards that your team is compliant with. This also means that if you do list a standard in your security posture, you most likely already have the answers to the associated questionnaire ready and available for a vendor".


        Why should you publish your security posture publicly?
        Here are some reasons why you should be publishing your security posture publicly:

        1. It can establish your team as a security leader in your space.
        By discussing data security and making a conscious effort to post your posture for vendors, customers, and partners to see, your team is making it clear that you realize the importance of data security and are going to do whatever it takes to prevent a breach.

        2. It can help speed up inbound questionnaire requests.
        When potential vendors can access at least the start of your security profile before the official vendor assessment process kicks off, they can do some of the preliminary heavy lifting for you, which can speed up the questionnaire process.

        3. It gives potential vendors a place to start to see if a partnership would be compliant.
        Instead of getting halfway through a vendor assessment to realize your security controls are not compliant, any potential vendors can do preliminary due diligence to ensure a vendor partnership is mutually beneficial and possible.

        4. It gives your internal sales and/or procurement teams a place to point inbound questions before coming to your team.
        And, finally, publishing your security posture publicly will give your internal sales and/or procurement teams a place to point questions about InfoSec efforts without looping in your team, giving you the space to focus on more critical efforts.

        Would love to have a deeper conversation off-line and discuss all that the CSA offers regarding the STAR registry and the CCM.

        If you are open to that discussion, please send me a private e-mail.

        ------------------------------
        JOHN DIMARIA
        ME
        CSA
        [email protected]
        ------------------------------