People security functions in the cloud

People security protects the organization from the risk of inadvertent human mistakes and malicious insider actions.

Modernization

Modernization of this function includes:

  • Increased positive engagement with users, using gamification and positive reinforcement and education rather than relying solely on negative reinforcement approaches like traditional "phish and punish" solutions.
  • High quality human engagement: Security awareness communications and training should be high quality productions that drive empathy and emotional engagement to connect with the human side of employees and the organization's mission.
  • Realistic expectations: Accept that users will sometimes open phishing emails, and focus success metrics on reducing the rate at which they do so rather than expecting to stop 100 percent of opening.
  • Organizational culture change: Organizational leadership must drive an intentional culture change to make security a priority for each member of the organization.
  • Increased insider risk focus to help organizations protect valuable trade secrets and other data with highly profitable illicit use cases (such as customer locations or communication records).
  • Improved insider risk detection that takes advantage of cloud capabilities for activity logging, behavior analytics, and machine learning.

Team composition and key relationships

People security commonly partners with the following types of roles:

  • Audit and legal teams
  • Human resources
  • Privacy team
  • Data security
  • Communications teams, for user awareness
  • Security operations, for insider risk
  • Physical security, for insider risk

Next steps

Review the function of application security and DevSecOps.