People security functions in the cloud
People security protects the organization from the risk of inadvertent human mistakes and malicious insider actions.
Modernization
Modernization of this function includes:
- Increased positive engagement with users through gamification, positive reinforcement, and education, rather than relying solely on negative reinforcement approaches like traditional "phish and punish" solutions.
- High-quality human engagement: Security awareness communications and training should be high-quality productions that drive empathy and emotional engagement to connect with the human side of employees and the organization's mission.
- Realistic expectations: Accept that users will sometimes open phishing emails, and focus success metrics on reducing the rate at which that happens rather than expecting to stop 100 percent of opens.
- Organizational culture change: Organizational leadership must drive an intentional culture change to make security a priority for each member of the organization.
- Increased insider risk focus to help organizations protect valuable trade secrets and other data with highly profitable illicit use cases (such as customer locations or communication records).
- Improved insider risk detection that takes advantage of cloud capabilities for activity logging, behavior analytics, and machine learning.
Team composition and key relationships
People security commonly partners with the following types of roles:
- Audit and legal teams
- Human resources
- Privacy team
- Data security
- Communications teams, for user awareness
- Security operations, for insider risk
- Physical security, for insider risk
Next steps
Review the function of application security and DevSecOps.