Around 2007, Jim Reavis heard author Daniel Burrus speak about solving tomorrow's problems today. At the time, Reavis learned about cloud computing while looking into virtualization. He saw a connection..
“The 'tomorrow problem' to solve was that people are going to be into this technology and they won’t have a defensible set of best practices to be able to communicate to their business owners, risk management auditors, all those sorts of people," Reavis shared with Todd Fitzgerald, vice president fo cybersecurity strategy of the Cybersecurity Collaborative, during a CISO Stories podcast. "So the idea was ‘Lets start working on that,’ understanding that’s not a problem right now, launching in the 2009 timeframe.”
What Reavis launched was the Cloud Security Alliance, a nonprofit organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
Listen now to episode 18 of CISO Stories: CISOs Cross the Bridge to the Cloud
From an enterprise point of view, Reavis said businesses are gaining confidence in infrastructure as a service, but is still finding software as a service to be a more complex scenario. For small businesses, it's a game of Follow the Leader, where they're following bigger companies they know and respect.
“Those big companies are doing assessments, they’re making sure that the security controls are in place, and the smaller guys aren’t necessarily doing it,” he said. “So we try to help to step in there and make sure there’s a baseline.”
Reavis is the president of Reavis Consulting Group, LLC, where he advises security companies, governments, large enterprises and other organizations on the implications of new trends such as cloud, mobility, Internet of Things and how to take advantage of them.