Security Is an Inherently Human Challenge
March 2, 2021
There hasn’t yet been a case where one technology hacked another. Security breaches always have to do with uniquely human attributes like greed. Someone wants to make a quick buck, steal IP, get revenge, or achieve a political advantage. Machines don’t care about those things—people do.
The fact is that technology is here to serve us, not the other way around. And since it’s humans who create and deploy technology, it’s humans who must safeguard its integrity. So says Edna Conway, Chief Security and Risk Officer for Microsoft Azure.
In our recent conversation for OpenView’s BUILDing to Boss podcast, Edna and I talked about why it’s so important to start with the human, not the technology.
“We can never lose sight of the reality that it is humans who attack the security of technology,” she said. “Defending against and mitigating the impacts of human attackers requires—guess what?—analysis of an inherently human factor: motivation.”
She’s not wrong. That’s why Edna always keeps the human factor in mind as she develops, deploys, and evolves security strategies and practices. This approach has served her well in her role of ensuring that the Azure cloud platform is, in her words, “the number-one trusted cloud platform on the planet.” She does this by ensuring that Azure is not only secure, but also sustainable and resilient.
“We can never lose sight of the reality that it is humans who attack the security of technology.”
Turns out that while it’s human nature that lies at the root of security challenges, the benefits of overcoming those challenges are also very focused on human nature. Specifically, the desire for confidence in a platform to be there whenever and wherever you need it—in a way that ensures you can do whatever you want and nobody will be able to see or manipulate your private information.
For better or worse, today’s platform economy—grounded in the cloud and mobility—increases the complexity of security exponentially. The inherent interconnectedness may enhance our productivity, but it also creates an expanded attack surface that makes critical infrastructure more vulnerable due to unaccounted risk.
This environment is shaping the emerging opportunities for up-and-coming companies and entrepreneurs. In Edna’s opinion, some of the greatest opportunities are closely related to questions of security. For instance, she suggested that startups ask themselves how they can deliver the most trusted service in their space. Trust can be a pretty compelling competitive differentiator. On a related note, she recommended making quality and resilience priority number one.
“The more connected we are, the more trustworthy we need to be.”
Looking ahead to the future of governance, risk, and compliance (GRC), Edna emphasized trust: “The more connected we are, the more trustworthy we need to be. For me, the future of GRC is about addressing a few key ingredients that are essential to trust: accountability, transparency, and verifiable integrity.”
Edna and I covered a lot more territory in our conversation. Listen to the full episode below to hear more about her amazing career path (which includes the New Hampshire Attorney General’s office, 15 years of private law practice, and a stint at Cisco), what mindset and attributes she looks for in prospective hires, and why it’s important to keep an idea’s shelf life in mind if you want to keep up with the pace of innovation.
Don’t miss an episode of BUILDing to Boss
Join OpenView’s Khira Gabliani, Kaitlyn Henry, and Casey Renner for honest conversations with exceptional women leaders who have built product-led growth companies that changed the way we work. Subscribe on Apple Podcasts , Spotify, or listen on our website.