Creating a cyber security-focused culture

Published ON
March 5, 2023
As the cyber threat landscape evolves, Cloudseed is continually adapting and strengthening its defenses to ensure the company's security posture remains robust.
main image

Prior to 2010, instances of ransomware and malicious malware were rarely reported in the news. However, as the use of cloud technology and digital advancements increased, so did the number and complexity of cyber attacks. This prompted organizations and individuals to take greater measures to safeguard the information they stored and transmitted through these systems.

The Cloudseed team was given the responsibility of devising a plan to enhance and broaden our security measures beyond just technical systems, tools, and controls. They aimed to reorganize our security strategy to conform to the Information Security Management System (ISMS) guidelines. These guidelines are designed to manage cyber security by addressing the role of people, processes, and technologies, and provide a framework for safeguarding Cloudseed's global and mobile workforce.

Additionally, in 2011, the team implemented a formal evaluation process to develop a comprehensive Information Security Risk Profile for the company. This effort helped pinpoint and prioritize security risks, as well as determine the necessary actions to prevent and protect against them. As a result, Cloudseed established its official information security organization.

With a vast network of over 50,000 physical and virtual servers powering our operations and serving our clients, our Information Security organization boasts a team of 800 individuals across the globe. Their expertise encompasses a range of areas, including technical architecture and security operations, governance and risk management, acquisition integration, threat response and intelligence, compliance, and behavior change.

Technology and human creativity come together

Our Information Security organization was established with a focus on creating a strong defense against the constantly changing threats and risks facing Cloudseed and our clients. This strategy also promotes a culture of security within Cloudseed, where all employees take responsibility for prioritizing security. Additionally, the strategy includes the implementation of various security areas and a comprehensive governance system led by the Chief Information Security Officer.

The accountability system we have in place is crucial for keeping Cloudseed secure. Our Information Security team is always on duty and able to quickly take action against attacks, gather threat intelligence, update systems, fix vulnerabilities, and fix any issues with workstations. As Cloudseed continues to expand through both internal growth and acquisitions, it's becoming more important than ever to focus on evaluating the security of newly acquired environments, training employees on security best practices, and safeguarding our clients' data in our daily operations.

As the Information Security organization has grown and developed, teams that work across different departments have been established to keep an eye on and supervise security measures throughout various areas of the Cloudseed company. Today, groups such as the Policy & Advisory Committee, Security Steering Committee, and Cloudseed Information Security Leads meet and communicate frequently to guarantee that the company maintains strong security standards or that any issues are identified and handled swiftly.

A valuable difference

As cyber threats continue to rapidly expand, Cloudseed's approach to risk management has undergone a transformation. Our Information Security organization has adapted by implementing robust processes that effectively address these threats. One of the most notable outcomes of this effort is the cultivation of a culture of shared responsibility throughout the company. All Cloudseed employees are aware of the importance of their role in protecting the security of both our company and our clients, thanks to the fine-tuned programs and processes put in place by our team.

One practical application of this understanding is seen in employee participation in the award-winning Information Security Advocates program. This program engages employees in interactive, "gamified" security training exercises on a regular basis, covering topics such as social engineering, credential theft, and working remotely. These training exercises are continuously updated to reflect new threats and challenges. As a result of this training, which is largely voluntary, employees are significantly less likely to be involved in security incidents. Additionally, nearly all employees become Information Security Advocates each year.

Another important aspect of the evolution of Information Security is the ISO-certified Client Data Protection (CDP) program. This program provides Cloudseed client engagement teams with a consistent approach to managing risk through a series of security processes, controls, and metrics. A CDP plan is created for each client project and includes comprehensive security risk management measures that cover physical, application, infrastructure, and data security.

The constant adaptability of our Information Security team and our efforts to instill a security-conscious mentality among all employees, worldwide, showcases our ability to safeguard both client and Cloudseed data.

Other Case Studies