Credit Suisse

The only thing that’s constant is change. We’ve gone from cloud migration to cloud evolution. And now, we approach a cloud-first mindset. This session focuses on the fact that any change brings with it both positives and negatives- and this change is no different.

• Knowing that a cloud first mindset has benefits and drawbacks
• Realizing the architecture, compliance, access, automation, talent, etc. issues inherent currently
• Unpacking the risk associated with standing pat vs. making a change
• Taking one small step for cyber security and one large step for your enterprise through continued cloud evolution

Defense in depth is still a conceptual positive for enterprise cyber security. But heaps and mounds of technical debt is an absolute negative. As each technology cycle shortens, organizations must balance adding solutions with the complete lifecycle value depreciation of the total cyber security stack.   

• Continue to benefit from threat protection, data security, compliance and visibility
• Adding the functionality of SD-WAN and ZTNA functionality potentially without additional partners or cost
• Gain cloud native network status 
• Identify the right partner by ascertaining if your current CASB provider is SASE-enabled and/or if SASE providers have proven use cases

The current state of affairs has uncovered vulnerabilities in extended enterprise resiliency. Over the past year, once reliable partners have fallen by the wayside. New partners proliferate the extended enterprise with new ones added on a daily basis. Any technology implementation is complex, let alone one that reconfigures your entire network infrastructure and architecture.

• Realizing that your extended enterprise (Vendors/Partners/3rd Party Suppliers/4th Party Players, etc.) all have their own unique issues
• Understanding that no matter what choices you make with SASE, there will be an uphill battle to achieve interoperability with your extended enterprise
• Taking the opportunity to refresh your extended enterprise to ensure trust and business resiliency throughout
• Continuing to up your extended enterprise game no matter the technology implementation in question

Cyber security team skill sets evolve with the advancement of technology. Such is life. But the pace of change has been exacerbated in concert with a global health disruption which has had deleterious effects on society and enterprise budgets. Somehow, CISOs must find a way to advance enterprise technology and the teams that oversee that technology no matter the external environment.

• Beginning with the end in mind: a sensibly automated cloud-first enterprise
• Examining in-house talent and uncovering scalable skills to be the means to that end
• Realizing that additional talent will need to be brought in no matter what your budget says at the moment
• Building towards a team that includes missing yet necessary skill sets

Barry Magsanay, Global Head of Information Security, Treasury Wine Estates

Cloud evolution is usually based on industry/regulations, budget and mindset. If the industry is highly regulated- cloud evolution is based on that fact. If the industry is not- cloud evolution is more about budget and/or mindset. It is now evident that the future of cyber security is at least mostly in the cloud. 

• IT: Focusing on operational efficiency and highlighting accountability 
• Business: Providing awareness 101 and bringing everyone along at their own pace to ensure we all wind up on the same page
• Facilities: Engaging local leadership and ensuring connectivity with local systems and services 
• Suppliers: Engaging security champions to spread the word to primary and secondary partners
• 3rd Party Partners: Engaging business technology partners to ensure their security is wrapped into the overall operations
• Provisioning each player according to the appropriate and necessary privilege access