Free Trial
Schedule Demo
Menu
Comments
Everyone from Deloitte to Ad Age to Forbes and many more are talking about why CMOs should care about cybersecurity and become more involved in the overall strategy. That makes sense as security moves beyond the purview of IT and becomes more of a board-level issue.
Having seen cybersecurity from publicly-traded company and venture-backed perspectives, I wanted to share some hints and tips with my fellow marketing leaders.
While some recommend CMOs become cybersecurity experts, laying out extensive process around it, that’s just beyond the capability and simple time demands of most of you. So where should you start?
One of the best articles I’ve seen to date, from CMO magazine in Australia, lays out 4 key things on which to focus:
Of the above, the first three are really mindset approaches that you’ll likely be able to get your arms around by giving the required time and attention with your own team, other customer-facing organizations, and your executive leadership team.
Number four is likely the most critical to getting a handle on your cybersecurity strategy. But you’ll likely need to do some homework. It’s no different than when you take your first trip to someplace like Italy – it helps to read up a bit in advance.
Fortunately, there are some “Rosetta Stone” guides before you go on your excursion if you’ve never been to Cyber-Milan before, all well-reviewed on Amazon:
So once you have your basic “language” structure down with an idea of some of the very basic concepts and terms of cybersecurity, you’ll want to get comfortable with the culture and some of the more common phrases before diving in.
I’d suggest you start with what is currently top of mind for most cybersecurity practitioners and executives – cloud security. According to Cybersecurity Insider’s Cloud Security Survey, 90% of security pros are concerned about cloud security, way up vs. 2017. In fact, 62% say their biggest threat is misconfigured cloud services.
For simplicity, when we’re talking about public cloud (Infrastructure as a Service) where your engineers have built the apps that your company delivers to your customers, we’re generally talking about Amazon Web Services, or AWS. They’re the 800 pound gorilla, as, Synergy Research Group states – they’re in a league of their own.
But why is cloud security such a big concern when Amazon (like Microsoft, Google, and the other major cloud service providers), spends hundreds of millions of dollars on security and has thousands of security experts around the globe working 24/7 to keep their cloud safe? (And they’re very good at it.)
It starts with what Amazon calls the Shared Responsibility Model. As shown below, AWS is responsible for the security “of” the cloud, and your company as an AWS customer is responsible for security “in” the cloud. As you can see, there’s a lot to be concerned about “in” the cloud- and it has to be managed differently than the legacy security approaches of the data center, virtual-machine world that predominated even a couple of years ago.
Now, many of you, particularly technology startups like CloudPassage, are cloud native, so have always had a cloud-based security approach. Yet, the scale and speed at which anyone in your company can consume services for free or by swiping a credit card massively expands what is called the “attack surface”. And, the speed at which AWS releases new services to your dev teams is staggering, making it difficult for your security teams to keep up. (For example, AWS released almost 500 new services and features in just one recent quarter.)
To learn more about the basics of Cloud Security, I highly recommend grabbing a free 7 day trial to Cloud Academy and taking their fine video course on AWS Security Fundamentals. It’s just over an hour and is awesome for beginners. (If you want a sub-101 level course to start with check out their course What Is Cloud Computing?)
Ok, at this point, you may feel good about some language skills, and know some key Cyber-Italian phrases. So, it’s time to take your new knowledge down to the local Italian restaurant (you know the real authentic one where the Nonna is in the back making the meatballs). You can do it by setting up an AWS account and using an honest to goodness cloud security tool on an AWS cloud storage service. (It’s easier than it sounds – some of the least technical folks on my Growth team gave this a whirl and found it easier than they thought as well as educational. Trust me, if you can handle Google Analytics and Marketo this will be a breeze.)
That’s it. You’ve gone beyond passing the annual pain-in-the-rear security training (yes, even here at a security company we moan about having to do that and our CISO has to stay after us to get it done).
Now you still know 99% less than your cybersecurity team, but they’ll appreciate all the questions and insight you now have, and the effort you put in to understanding their world – which is a profoundly difficult one to live in by the way. In any case, I hope this gives you a better idea about why CMOs should care about cybersecurity, as it is now everyone’s responsibility, from the top down.
In the meantime, take a look at the 2018 Cloud Security Report mentioned above. It’s a great read, packed with visuals and stats on overall cloud adoption and vendor trends that you’ll find intriguing.
Click to Enlarge