All we ever seem to hear about these days is the communication gap that exists around cloud between DevOps and IT Security. However, there is one you have become much too familiar with… the communication gap between you and your Board of Directors, regarding what you are doing to enable digital transformation. It’s time you start to speak each other’s language to achieve more and remain secure. With the reality that cloud is more and more central to your corporate strategy, having the ability to communicate meaningful information to the Board of Directors in ways that make sense to them would make life a lot easier.
Gaining a common language
When you start that first conversation about making the move to the cloud, there are a lot of pieces to the puzzle that need to be understood before you can even think about putting them together. This begins with getting your Board of Directors on the band wagon and building a strong understanding of what moving to the cloud actually means. In their minds, it may be a simple shift to cloud-based applications like Microsoft 365®, but you are also talking about workloads moving to and new applications being built in AWS, Microsoft® Azure™, and Google Cloud Platform™—two very different conversations.
There needs to be an educational element in your pitch that speaks to what migration you are looking to make and the value the cloud can provide to the business. Speak their language. For you, moving to the cloud means great agility, more flexibility, and automation for your security teams, but that doesn’t necessarily translate to a positive business outcome in their eyes. For example, explaining that moving to the cloud means shutting down a data center (CAPEX) and shifting to costs tied to true company benefits (OPEX) starts to make ears perk up.
When talking to the Board, they are looking for you to tell them how security is benefiting the business, not how you will need more money to secure the cloud—ROI. So, how do you change the conversation? Rather than looking at cost in terms of spending, you need to turn the conversation to one that translates how using the cloud not only delivers better security, but also delivers greater value through the benefits they will love—speed, agility, and flexibility, all things that will help the business grow and prosper. It is all about context.
Metrics for Success
You also need to define metrics for success so they can see how security and the cloud are positively impacting the company. The metrics need to be about continuous improvement, as nothing is perfect at the beginning. Explain how the organization can improve with the cloud in terms of faster delivery to customers and other key benefits. And once the transition to cloud delivery is occurring, showing your Board the incremental improvements along the way will deliver tangible metrics on value and keep them in your corner.
There is also an immense amount of importance in displaying these improvements or any type of data, really, in ways that invite greater context and understanding. For example, if you are showing the Board a bunch of security data that illustrates thousands of attacks experienced by the organization, they will likely be unimpressed. However, it you preface that the organization was previously experiencing such attacks without your knowledge (unknown risk = bad), and the new security was able to give you visibility into the attacks and a defense against them, you may just get a smile. Now they are thinking about how this helps them with risk, breaches, and compliance—speaking their language. The medium is the message: If you frame and explain data in meaningful ways for your Board audience, you’ll have a lot greater success.