Reset the ticker back to “Zero days without a vulnerability”.

The Venom bug grabbed headlines this week, putting virtual machines at risk from an elevated privilege attack. Interestingly, Venom broke from the typical vulnerability narrative, as many in the industry pushed back and claimed the media buzz was exaggerated. We have to agree with the California Mason’s Michael Skaff’s careful wording: Venom is “worth your awareness.” This may not be bigger than Heartbleed, as claimed, but Venom does warrant a close examination of your virtual machine technology.

Last week we touched on how a new breed of CIOs is elevating the importance of the position by staying on the cutting edge of technology trends. This week, several CIOs came together to expand on the relationship between the CEO and the CIO. Brian Vellmure advised CIOs that the way to gain favor with the man at the top is to enable business goals with technology. Business units don’t care how the sausage is made; end users just want access to the tools that make them most productive. The CEO is the ultimate advocate for the company’s bottom line, and getting on his or her good side requires partnering with lines of business. To quote Equinix CIO Brian Lillie, no one wants a “CI-No.” Anonymous cloud expert Cloud Opinion chimed in with a concise three-step guide for CIOs looking to become competitive differentiators for their organizations.

At this point, skeptical CIOs have one obstacle in mind: security. While security needn’t prevent employees from using tools such as cloud services, we do agree with Avenade CIO Chris Miller: information security should have a presence in the boardroom. Prioritization from the top of the organization is necessary not only to secure proper funding and support for security projects, but also for cultural buy-in.

How important is a security-minded workforce? In an article shared by Tim Grievson, government IT professionals revealed that the largest threat to their organizations are “careless and untrained insiders.” Only 31% are very confident in their policies’ ability to defend against insider threat, and 14% are not confident at all. Even well-intentioned employees can accidentally leak corporate data, and user education is one of the best strategies to prevent this.

It’s no surprise that this same security concern came up in an article shared by the University of Mississippi’s David Chou on wise information security spending. The article points out that in addition to training, there are a host of technologies that can help address security breaches stemming from human error. This vector of attack comes with a key challenge: defense strategies must include protection for corporate data accessed by employees outside of the office, the most common example being the use of unsanctioned cloud services that IT may not even be aware of.

The Definitive Guide to Cloud Security

The cloud is transforming business for the better. In this ebook, we will dive into the details of a framework for managing cloud security.

Download Now