Who You Gonna Call (For DataSec)>
Cloud Security Alliance – Ravi Ithal
So, before we boogie down, let’s seriously consider the question: Who You Gonna Call…for DataSec. In most organizations, this person is a ghost themself—there’s no one to call because they aren’t there or don’t know what to do.

DataSec Is a Huge, New Challenge To be clear, DataSec is about securing sensitive, regulated, or proprietary data in modern environments that have “shifted left” to cloud-native apps built with microservices.

I doubt any organization has planned for a dearth of DataSec professionals, much less being without anyone to lead the charge. If you’re all in on the modern approach, your organization’s next InfoSec hire really should focus on DataSec.

Before you look outside the organization, consider who’s already on board. ome InfoSec professionals are well positioned to quickly learn about DataSec and leverage what they know in this new world. In order to find and protect cloud data, they need to understand cloud architecture, how data flows, what kind of data is there, who has access to the data, and so forth. People with skills that let them think like a hacker (e.g., penetration testing) will do fine with DataSec.

DataSec leadership (or lack thereof) is soon to be even more prominent with cybersecurity disclosures required of public companies by the U.S. Securities & Exchange Commission. A proposed rule will require disclosure of a company’s policies and procedures to identify and manage cybersecurity risks; management’s role in implementing cybersecurity policies and procedures; board of directors’ cybersecurity expertise, if any, and its oversight of cybersecurity risk; and updates about previously reported material cybersecurity incidents. And no more hiding details behind obscure language: All disclosures must be done with Inline eXtensible Business Reporting Language.
Link: https://cloudsecurityalliance.org/blog/2023/03/10/who-you-gonna-call-for-datasec/