Cloud 101CircleEventsBlog
Submit a Peer Review for the AI Controls Matrix—a groundbreaking framework to address AI risks and strengthen security.

The C-Suite’s Long Embrace of the Cloud

Published 07/06/2021

The C-Suite’s Long Embrace of the Cloud
Written by Illena Armstrong, President, CSA.


Take a gander at any recent research report covering cloud services or security and you quickly find some persistent and common themes:

  • Spending on cloud services has not only grown exponentially during the pandemic, but will keep on rising as we continue to slowly return to some sense of normalcy. Indeed, according to recent Gartner research, 70 percent of organizations currently leveraging cloud services plan to increase these investments as we move on from Covid-related disruptions.
  • IT spending overall is shifting focus to cloud. That trend is expected to persist all the way through 2024, according to Gartner and I’m betting we’ll see sustained spikes well after.
  • No matter their current stages in the race to cloud, organizations quickly pivoted to leveraging these services to support robust and often far-reaching remote workforces during the pandemic. As a result, they realized the many benefits of relying on them. From reduced IT costs and improved uptime to increased agility and elasticity to experiencing DevOps-friendly environments, the reasons to move workloads to the cloud became obvious to many in the C-Suite, according to recent research from the Cloud Security Alliance and AlgoSec.
  • Cybersecurity know-how isn’t the only competence being sought. The need for cloud and cloud security skills on the teams currently tasked with overseeing these environments is at an all time high and is being consistently called out in various recent surveys as a top priority now and longer-term.

More Cloud Gains & Needs

Additionally, in making tactical moves to the cloud to keep businesses up and running, a slew of organizations saw sustained and, in plenty of cases, increased productivity, team collaboration, work/life balance benefits, scalability, innovative development and release of new offerings, and still more. As a result, all of these benefits and efficiencies conspired to actually validate for skeptical executives and true believers alike that cloud services underpinning their organizations’ computing infrastructure was (and is) a solid business proposition.

Cloud was a growing priority for many entities before the pandemic hit. Now, it’s the top and will likely remain in that spot for a mighty long time.

A runner-up will be addressing that dearth of cloud and cloud security expertise and skills currently plaguing most organizations. Burning Glass Technologies, a labor market analytics firm, found that the second fastest growing cybersecurity skill needed over the next five years is cloud security, following on the heels of application security development. This will become especially evident as executive leaders concentrate more on strategic business initiatives to focus on post-pandemic growth -- and a lot of it.

Next-Leveling it in the C-Suite

Crucial to that aim will be the CISO. Fortunately now, most business leaders who may have failed in the past to fully grasp the criticality of this role and cybersecurity overall understand this fact. And any lingering doubts were clarified by the pandemic and the many types and frequency of the digital onslaughts we’ve all witnessed. Just think SolarWinds, the Colonial Pipeline, the poisoning of a Florida-based water utility by means of a cyberattack, the Microsoft Exchange mass cyberassault… the list goes on.

Now, more than ever, there is an overwhelming C-Suite focus on cybersecurity. That once missing seat at the table is firmly in place, with 7 out of 10 IT decision makers engaged with other executive leaders on forging reopening plans for their respective organizations, according to a recent review of survey results in the “Security Behaviors Report” conducted and published by Tessian, a provider of email security software which is powered by artificial intelligence.

”There’s no denying that cybersecurity is now business critical and the CISO has a huge role to play in a hybrid way of working,” the report noted.

Calling All CxOs

Accounting for all these developments, it only makes sense then that we, as the leading vendor-neutral industry non-profit focused on all things cloud and cloud security for the last 12 years and counting, recently launched our CSA CxO Trust initiative. Given our robust membership, which sees the inclusion of cloud service providers, SaaS companies, startups, and the small, medium and large enterprises these vendors serve, we already reach many of the relevant constituents who have a vested interest in ensuring that current and future cloud and cybersecurity needs are addressed. And let’s not overlook all the practitioners who have helped to establish and drive our over 100 CSA Chapters that can be found across the globe.

Additionally, with the launch of our non-profit back in the day, we began our training and certificate program to help interested professionals obtain their Certificate of Cloud Security Knowledge. We recently added to this our Certificate of Cloud Auditing Knowledge and related educational offerings in partnership with longstanding non-profit ISACA.

Then, of course, there is the already burgeoning war chest of intellectual property -- which includes research, standards, best practices and still other guidance -- that we make available to members and, in many instances, the wider industry. From our Cloud Controls Matrix v4 and our Consensus Assessment Initiative Questionnaire (CAIQ) to our STAR Registry and newly launched Trusted Cloud Provider Trustmark, we empower organizations from all verticals and all sizes to understand, create and perfect their own cloud security strategies, question current/prospective vendor partners about the compliance with expected security controls, find providers that jibe with their own cloud security expectations and requirements, and more.

A Trusted Community with Reach

Now, through our CxO Trust, we intend to help CISOs tackle not only current and developing cloud- and cybersecurity-related challenges, but also facilitate engagement with other important C-level stakeholders, regulatory groups, and the myriad service providers vying for their business. The three pillars underpinning our initiative: building a Trusted Community, establishing a Collective Voice, and forging the Power of Influence, will help us accomplish this, our other aims to support the C-Suite and, of course, the ultimate goal of understanding and solidifying knowledge of cloud computing, as well as helping to progress solutions and standards to address the cybersecurity problems confronting all C-Suite stakeholders, their executive teams and governing bodies.

Our first step on this path was our face-to-face CxO Trust Summit on September 14th, 2021, during our SECtember Conference, running the week of September 13th and seeing hands-on training, testing for our various certificates, and, of course, our main conference program September 15th and 16th. Amazing industry thought leaders and other top minds shared their experiences, advice and guidance. Additionally, our program and, for that matter, the entire week of SECtember, included valuable keynote speakers, panel discussions, tabletop exercises, breakout sessions, information-sharing sessions, training opportunities, networking gatherings, and so much more.

That’s only our start, of course. What CSA has done for the cloud and those varied practitioners responsible for its development growth and oversight over these last 12 years, we’ll be doing for the C-Suite for many more to come. For those of you engaging in that long embrace of the cloud, CSA’s CxO Trust is for you.

Share this content on your favorite social network today!