When talking about the cloud, we often discuss major providers — the hyperscalers — and it’s easy to overlook specialty companies doing great work focusing on a specific area. One such organization is GoodData — a real-time, open, scalable, cloud-native business intelligence platform-as-a-service, for analyzing, utilizing and monetizing customer data.
With GoodData being used by over half of Fortune 500 companies, it’s imperative its platform is secure — and much of that responsibility falls to Chief Information Security Officer Tomas Honzak. An industry veteran, Tomas believes something else is too often lost in the conversation about cutting-edge cloud technology, particularly when it comes to security: people.
Tomas recommends other CISOs embrace culture as much as technology if they want to succeed: “Be present and part of company life — be involved and build your security organization and team in a way that feels natural for the rest of the company.”
This belief in creating a culture of involvement and buy-in — a very human side to security — forms the spine that runs through the latest episode of the Cloud Talk podcast. Rackspace Technology Chief Technology Evangelist Jeff DeVerter and Tomas Honzak’s lively and wide-ranging discussion covers, among other things:
- Why security success depends on fostering communication and a culture of shared responsibility
- How the mass shift to digital workloads and work-from-home requires security officers to think holistically
- Why you should prize resiliency and accountability rather than believe you can protect your company 100%
- Why security teams require a first-class seat at the table during partnership discussions and implementation
- How mentoring and giving back to the community can help you become a better professional
This is all positive thinking; the flip side is a darker path awaiting those who fail to heed these lessons. In marginalizing the human aspect of security, a CISO could even put their entire company at risk. “The problem with information security is if you overdo it, you’re not helping — you might be slowly killing your business,” said Tomas. “People will work around your technology. Security officers might think everything’s in order, but sensitive and confidential data will appear where it shouldn’t. And if you don’t know where your data is and how it’s flowing between whoever needs access, how can you keep it secure?”
This is why Tomas remains convinced a major priority for any CISO should be to build a security-minded culture and to understand you “can’t just stop — you can’t think you’ve done it and move on.” Much of this comes down to good communication: “You must explain security to everyone in your company in a way that’s easy to understand, and balance activities so although people might find security brings obstacles, it makes sense to them.”
Once again, then, this is a deeply technical conversation that comes back to communication — how you talk to staff, partners and customers, to ensure you’re not erecting barriers to positive customer experiences and better security. With that in mind, Tomas’s final words ring true: “Like any other discipline, security is all about technology, processes — and people.”
Stay on top of what's next in technology
Learn about tech trends, innovations and how technologiest are working today.Subscribe