Not so long ago, the role of a CSO or a CISO was pretty straightforward: guard the network perimeter, and make sure the bad guys can’t get past the gate. But digital transformation is shaking up the fundamentals of security. In a recent RightScale 2018 State of the Cloud report, 81 percent of technology professionals stated they have a multi-cloud strategy. A perimeter-based approach to security won’t work, because traditional perimeters no longer exist.

The threat landscape is changing, too, as hackers look for ways to exploit vulnerabilities in these new environments. Today’s security threats are built to be highly automated and highly distributed—and they’re evolving fast.

All of these new security challenges are happening at a time when IT is reconsidering its role in the business. Technology teams are no longer merely communications service providers. They are strategic players driving the digital enterprise, developing and delivering innovative digital models. And when the mission of IT changes, CSOs and CISOs must adapt as well.


Security through and through

Our first responsibility is making sure that security is knitted deeply into the fabric of our company’s infrastructure, and company culture. Here at VMware, pervasive security is fundamental to our go-to-market strategy. My role is not only to protect the business from threats, but to enable a Go Fast strategy. That requires fostering a culture of security across the organization.

A sound security approach starts with understanding the nature of your business. Consider what risks are acceptable, and encourage people to think about security not simply as something you bolt on to fix things that are broken, but as a component of quality. For example, nobody understands exactly how applications are built better than the engineers themselves. So a powerful security initiative will inform and empower engineers to help them understand how to include more resilience in their development practices and processes.



Security is a shared responsibility

To succeed at these kinds of strategic initiatives, any business leader requires command and control. I’ve found that the most effective command and control is based on a foundation of trust. Everyone at VMware is important to our mission, so every person should have a voice. We encourage open communication and regular dialogue when it comes to security policies, recommendations, and practices.

We are also fanatics about the user experience. The better an end user’s day-to-day experience with security practices, the more invested that user will be—and the more successful the business outcome.  We make sure that everyone understands that they are ultimately responsible for keeping our environment secure.


What’s next

As VMware’s CSO, I’m excited to be in a position to put these kinds of strategies into practice. The fact that security is baked into our solutions at every level is one reason I joined the company. Our digital foundation and our portfolio capabilities make customers intrinsically more secure. We focus on delivering the best possible user experience to nurture a culture of security not just for our organization, but for our end customers.

I’m looking forward to sharing my perspective and some of the things I’ve learned in future blogs. Watch this space for discussions of trends and topics like:

  • Compliance at cloud scale
  • Hot topics in physical security
  • Securing microservices
  • Timely discussions with other industry leaders

We hope you find this blog informative, and that it’s helpful as you try to address your own specific security challenges. If you have comments or feedback, or a topic that you’d like us to explore, please feel free to post that in the comments section.


Visit and learn how VMware delivers security in our products, solutions, cloud services, and across industries

Follow us on Twitter at @VMwareSecurity


Alex Tosheff – Chief Security Officer


Twitter @AlexTosheff