The CISO Guide to Cloud Security Transformation

Industry advisor LaLisha Hurt shares best practices for successful cloud security transformation.

Digital transformation is no longer a ‘cloudy’ conversation

Digital transformation adoption is increasing and has become a key initiative across both the public and private sector. With the rapid migration of applications, databases and infrastructure, cloud computing is now a critical pillar to an organization’s digital transformation strategy and is no longer just a “cloudy” topic of consideration. As organizations move to a more digital approach and as the threat landscape evolves, security becomes a key business driver for true cloud adoption. But securing the cloud is no simple task. Splunk’s 2023 CISO Report reveals that Chief Information Security Officers (CISOs) call out cloud applications and infrastructure as having the biggest security coverage gaps across industries, with cloud applications impacting business services, healthcare and technology at 71%, 64% and 64% respectively, and cloud security impacting manufacturing also at 64%. 

As cloud and security converge, at the intersection you have a modern and secure platform that can help digitize services, increase efficiencies and productivity, scale growth and enable rapid recovery of critical systems. Cloud security transformation doesn’t happen overnight. It’s a journey that CISOs are taking with their business peers, extended teams and trusted industry partners to deliver the overall strategy, implementation and approach for business optimization. Here are some of my top tips for this journey. 

There is no transformation without collaboration

CISOs are thinking differently about security and risk management, and leveraging the entire village, including the Chief Technology Officer (CTO) and functional teams, to build their organization’s cloud security strategy. At a minimum, three elements every CISO should consider in their cloud security strategy are:

  1. Comprehensive identity and access management
  2. Data encryption and privacy controls
  3. Continuous monitoring and incident response plan


The saying is true: “If you want to go fast, go alone; but if you want to go far, go together.” Collaboration along the way drives organizational resilience. Forty-two percent of CISOs say collaboration with software engineering/application development is vital to ensure resilience throughout the organization, with 40% citing the cloud team and 27% enterprise architecture.

CISOs who are successful through any type of transformation have a strong security culture, strategy, roadmap and cross-functional change agents to help guide them along the journey.  They’re also given opportunities to embed security early and throughout the lifecycle process, adopt a zero trust philosophy and iterate business and mission use cases in alignment with regulatory compliance requirements.

Fifty-five percent of CISOs surveyed in The CISO Report maintain that they have opportunities to integrate security into all aspects of the software development life cycle, and 50% say that security should be an integral part of the modernization process.

Cyber risk is a business risk

One size does not fit all when it comes to cloud security adoption and migration. CISOs, in strong partnership with their CTO, have options when it comes to determining the model that best aligns to their customers’ and organization’s needs. They should consider whether to develop a centralized, federated and/or hybrid model, depending upon the mission outcome they’re aiming to achieve as well as the business risk they’re attempting to mitigate. In securing the cloud, CISOs are anchoring their transformation approach around three key business drivers:

  • Scalability: Flexible, with the ability to increase with business growth
  • Multi-tenancy: Customers can share infrastructure resources without compromising privacy and security
  • Efficiency: Streamlined processes for increased productivity and improved customer delivery

Optimization requires continuous improvement

CISOs play a crucial role in optimizing best practices to protect their organizations’ data and infrastructure in the cloud. Optimizing cloud security best practices involves continuously improving infrastructure, applications, and operations to achieve better performance, security, and scalability. To remain resilient in the face of evolving threats, CISOs are leveraging data-driven approaches, automation to reduce manual workload, and continuous controls monitoring.

Here are four questions every CISO should be able to answer about their cloud security posture:

  1. What are our critical data and assets in the cloud?
  2. Does our risk appetite align to our cloud strategy?
  3. What security controls and measures are in place for cloud security?
  4. How are we prepared to respond to security incidents in the cloud?


If CISOs can’t answer one (or all) of the above, it’s time to go back to the drawing board to reassess the cloud security strategy.

CISOs are key to the transformation

By 2027, Gartner predicts more than 70% of enterprises will use industry cloud platforms to accelerate their business initiatives, up from less than 15% in 2023. Cloud security is no longer a peripheral concern but a central pillar in an organization's quest for efficiency and productivity. The role of CISOs in this rapid transformation is paramount as organizations increasingly embrace digital transformation and cloud adoption in a secure manner. The convergence of cloud and security presents a modern and secure platform that can enable growth, digitalization and rapid recovery. And culture and collaboration are both essential on this journey, with CISOs working closely with their CTOs, IT operations, observability teams and trusted industry partners to define and implement comprehensive cloud security strategies that can transform and grow the business for the future.
