Skip to main content
close search
site logo

Microsoft cloud security exec challenges organizations to ditch outdated practices

Modern systems and modes of attack demand a dynamic and realistic approach to security, Shawn Bice said. The problem can be managed, not solved.

Published Sept. 16, 2022
Matt Kapko's headshot
Senior Reporter
Cloud Network Solution digital background. Cyber Security and Cloud Technology Concept
da-kuk via Getty Images
This audio is auto-generated. Please let us know if you have feedback.

Decade-old strategies haunt the practices and application of cybersecurity. The actions of threat actors, however, evolve and they evolve quickly.

“I think we need a new mindset,” Shawn Bice, corporate VP of cloud security at Microsoft, said Wednesday during Rubrik’s virtual Data Security Summit. “We’re under threat every day, but the future of cybersecurity requires us to fundamentally shift how we think about this space.”

A stubborn reliance on outdated conventions puts cybersecurity practitioners at a disadvantage when confronting modern modes of attack.

This problem extends to, and is exacerbated by, the term security itself, which Bice described as “a bit of a misnomer.” The definition of security — free of danger or threat — could lead to the wrong approach, he said.

“This is a game with no agreed-upon rules. Players can be known or unknown, and frankly winning is just staying in the game,” Bice said. “This is why it’s crucial to have the mental model that cybersecurity is a problem you manage.”

But the counterpoint is, cybersecurity is not a problem that can be solved.

As the technology landscape evolves to power modern applications and systems, organizations frequently use software from multiple cloud vendors. Combine that with on-premises hardware and software accessed by a massive remote workforce, and it’s easy to see why the attack surface is so profound, Bice said.

“These parallel forces present more risk to our data than I’ve ever seen,” he said. “To protect against this vast threat landscape, everything must be secured. I don’t think we have this option of just picking and choosing what we secure. Everything needs to be secured.”

To that end, Bice said organizations need to better collaborate and openly share threat intelligence to make cybersecurity tools work more effectively across environments. Data resilience and recovery are also essential to managing risk, he said.

“Attacks can’t be 100% prevented,” Bice said. “I wish they could but they just can’t, and we have to think about resilience. We have to keep operating a business even while it’s being attacked.”

Filed Under: Strategy

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell