EP93 CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Is My Data Secure?

Guest: Alicja Cade, Director for Financial Services, Office of the CISO, Google Cloud  Topics: We are talking about your journey as a CISO migrating to the cloud. Could you give us the overview of … What triggered your organization's migration to the cloud? When did you and the security team get brought in? Did you take going to the cloud as an opportunity to change things beyond the tools you were using?  As you got going into the cloud, what was the hardest part for your organization? If that was hardest, what was most surprising? Good surprise and bad surprise? How did you design security controls for the cloud? How do you validate and verify security controls in the cloud? How did you keep both security practitioners and the rest of your IT teams from lift-and-shift thinking? Did your data security practice change? Having covered all that tactical terrain, one final strategic question: is moving to the cloud a net risk reduction? Can it be? Resources: “CISO Walks Into the Cloud: Frustrations, Successes, Lessons ... And Does the Risk Change?” (ep80) “Visualizing Google Cloud: 101 Illustrated References for Cloud Engineers and Architects” by Priyanka Vergadia “Cyberpolitics in International Relations” book CSA CCM v4 Cyber Risk Institute “Modernize Data Security with Autonomic Data Security Approach” (ep79) and the paper on autonomic data security. "Preparing for Cloud Migrations from a CISO Perspective, Part 1" (ep5) "Preparing for Cloud Migrations from a CISO Perspective, Part 2" (ep11) “How CISOs need to adapt their mental models for cloud security” blog