By Bruce Sussman
Mon | Nov 30, 2020 | 4:00 AM PST

Are you looking for relevant quotes about security in the cloud to help frame your thoughts or frame a discussion on the topic?

If so, you are in the right place.

We are happy to pass along top cloud security quotes from SecureWorld regional security conferences and digital platforms, like our webcasts and podcasts.

Top 10 quotes about cloud security

Here are 10 fantastic quotes on cloud security for your next presentation, team meeting, or research project. 

#1 - Misconfigurations:
"Amazon S3 buckets start life completely locked down. The only person or object that can write into those buckets or read from those buckets is the one who created it. So every breach you've seen associated with them, and it's been billions of records over the last couple years, is because somebody accidentally assigned too permissive a policy to that storage bucket. When you're trying to build something it's like 'well, we'll just give it more permissions. And now it works.' And they never lock them down again." — Mark Nunnikhoven, Vice President of Cloud Research at Trend Micro, on the Future of Cloud Security podcast episode.

#2 - Pivoting to cloud:
"I do think that cloud adoption is a pivotal part of our journey, but cloud carries some significant risks. Your adoption strategy has to have equal parts of progressiveness and conservativeness. Due diligence is absolutely required. The idea of the traditional corporate network is changing. And we need to be out in front of that change to ensure our users are secure, and that we're giving them the best experience that we can." — Adam Leisring, CISO, Paycor, during his keynote at SecureWorld Cincinnati-Detroit-Toronto.

#3 - Cloud adoption is like dating:
"We've all rushed into something before, only to realize maybe we skipped a step or missed something in our haste to move forward. In the cloud relationship, this can be a very expensive lesson regarding capital expenditures, or even worse, a security incident. So in an effort to help everyone understand where they're at with cloud, I break it down into phases, just like with relationships. I like to compare the cloud journey to five phases: talking; dating; a steady relationship; cohabitation; and marriage." — Mike Lopez, Director of Cloud Services at Access IT Group, speaking at SecureWorld Boston.

#4 - How security teams view the cloud:
"You know, when we first started to look at the cloud, more than 10 years ago, the general view was cloud is dangerous from a security perspective. There were so many things that you had to deal with: not having access directly, relying on a third party, perhaps, and it was a mess. The world has changed. In many cases the cloud is much, much more secure than the on-premise environment. Especially for small and medium-sized businesses where you can't afford to buy something, but you can rent a seat. The seat to the enterprise. So that gives you access to some of these security tools that are very powerful." — Dr. Larry Ponemon, Founder and Chairman of the Ponemon Institute, during a fireside chat at SecureWorld Detroit.



#5 - Know what you're getting in the cloud:
"One of the biggest challenges with cloud vendors is that very often someone is signing up for cloud services without bothering to go through a contract review. Somebody just plops down a credit card and signs up for the service. I've done a lot of work with cloud vendors, I've actually worked for cloud vendors at times, and it's really important to read the terms and conditions, including around security, to understand what the cloud provider is providing for you." — Chris Shull, Interim CISO, Washington University, St. Louis, Missouri, during a Remote Session Broadcast on essentials of incident response

#6 - Shadow IT in the cloud:
"The guy from finance, for example, just goes on the internet in search of whichever application he wants. He can take his own credit card and buy some licenses and connect online. And then information is starting to flow from the company to the cloud and no one really knows about it. They will afterward, however, when there is a breach or security incident. IT or security teams will be held accountable for that data link. But they didn't even know because finance bought a new application on its own. So they're kind of losing their control in today's environment." — Asaf Lerner, Director, Thales, speaking during a Remote Session broadcast: Why Authentication and Access Management Is the Foundation of Security in a Zero Trust World, now on demand.

#7 - Protecting your cloud data from ransomware:
"When it comes to primary ways to protect your organizations against ransomware, the first one is really the most important one. And that's just good, regular backups of data. And verifying that they work and doing that on a regular basis. Storing backups off site is number two because we find that a lot of backups that are in the cloud are still being hit. So to the extent that you can air gap or isolate your backups completely, that is highly recommended and makes it much, much more difficult for the attackers to gain access there." — cyber attorney Daniel Pepper, Baker Hostetler, speaking at a SecureWorld virtual conference. Listen to the complete podcast episode: Ransomware and Digital Extortion, Should You Pay?

#8 - Implementing Zero Trust in the cloud:
"If the fundamental of cyberspace is about connecting things, your cybersecurity strategy ought to be based on an integrated defense. With an integrated defense, you can enforce a zero trust strategy: a little bit at the edge, a little bit more further upstream inside the core, and in other places all the way up at the cloud. With a cybersecurity strategy that's integrated, you can enforce zero trust across your entire network." — Phil Quade, Global Chief Information Security Officer, Fortinet, during a Remote Session Fireside Chat: Cybersecurity for Proactive Defense in a Cy-Phy World, on demand.

#9 - Legal considerations shifting with cloud:
"Your cloud service provider is going to give you a contract and that contract will have certain security and privacy provisions in it. And you need to make sure how you’re using the cloud is consistent with your contractual language. And a lot of those cloud providers are going to be pushing the liability onto the user, the organization that is using that surface. You need to make sure you’ve shored up those liabilities and try to buffer that. And part of that is going to be your cyber liability insurance. If you’re using the cloud, insurance is going to look at you a little differently than if you’re using an on-prem." — Rebecca Rakoski, Managing Partner, XPAN Law Group

#10 - Shared responsibility in the cloud:
"For the shared responsibility model, pizza as a service is a way to think about it. Okay, so you want pizza for dinner? How are you going to get pizza? You've got a lot of choices. You can make it yourself, you can do 'take and bake' from the grocery store, you can have pizza delivered, or you could go sit in a restaurant. This is what we face in the cloud today—you've got all of these choices. Make your own is like build your own data center, for example. And the trick is, from a security point of view, you have to understand that the business out there is choosing how they want their pizza and you have to know what kind of pizza they bought so you can properly secure it." — Mike Lloyd, Chief Technology Officer, RedSeal, at a SecureWorld Virtual Conference.

Thank you to all these security leaders, and many others, who regularly share their insights with the SecureWorld community. Your thoughtful way of discussing cloud security is appreciated.

Need more cybersecurity quotes for a presentation? Check out the related article: Top 20 Cybersecurity Quotes You Need to Hear.