All roads lead to security, even in the cloud

  • Cloud security is no longer an option; it's a mandate.

  • Detection and response are key priorities in cloud security.

  • Virtualized security can be integrated within the network to increase performance.

Before coming to AT&T, Andy Daudelin designed radio systems for the U.S. Army to keep enemy forces from intercepting military transmissions. In his 27 years at AT&T, Andy helped build the company’s first corporate IP network and then played a key role delivering it to many of AT&T’s Fortune 500 customers. He went on to develop a hosting and applications business, managed several cloud and security acquisitions, and helped deploy those same capabilities inside AT&T customer networks.

Last month Andy started a new chapter in his career at AT&T— leading the cloud team. We sat down with him to discuss his new role and what customers can expect to see from his team.

Q: You’ve led many different teams during your career at AT&T. What’s it like taking on cloud?

A: Leading the cloud business feels like coming home. It seems like I trained for this role my whole life. I’ve managed giant IT operations, stayed up all night on an outage bridge, and fought on the front lines with our network engineers and security analysts to mitigate security threats for our customers. My career has always been about problem solving and building new tools.

Q: What are your priorities as the new lead for the AT&T Business Solutions cloud team?

A: Number one is to integrate security into every cloud-based service. We don’t see security as an option. It’s simply part of how we do business.

An example is what I call Secure Mobile Cloud, an internal term that describes how the entire AT&T Business Solutions portfolio works together. Instead of saying, ”Here is our cloud solution, here is our security solution, and here is our mobile solution,“ AT&T is creating a holistic solution to take away complexity from both the IT shop and the end user.

Q: Cloud environments provide organizations with increased flexibility and scale, but they also introduce unique challenges. What advice would you give businesses making this transition?

A: Two things immediately come to mind. First, take a look at your security approach, and don’t assume anyone is following your rules. Lines have blurred for employees, especially with the acceptance of Bring Your Own Device policies. You MUST assume employees are doing whatever they want— not doing so is like hoping gravity stops. Think about what an employee would do if they didn’t have their work computer and they needed to send a quick email. Many times, they’re going to use their personal device, email, and storage to get the job done.

Second, develop a clear cloud plan that includes security, making detection and response a priority. It’s imperative that the security and technology offers work together.

A few years ago, prevention was a ‘good enough’ strategy. We could make a patch, deploy it, and call it a day. Today, businesses face “live enemies” that morph and change while you battle against their attacks. Your ability to quickly detect and respond to malicious activity in your network makes all the difference on the scope and impact of attacks. How you respond is key. Not all attacks are created equal. You need the right experience and expertise available to recognize what you’re dealing with and to react accordingly.

Q: You were part of the IT leadership team responsible for the first introduction of cloud into the AT&T infrastructure more than a decade ago. Given that experience and coming from a long career in IT, what does “cloud security” mean to you?

A: A lot of times we hear “cloud security” used to describe security measures specifically intended to protect infrastructure in the cloud. But there’s another key aspect to this that is often missed. The cloud itself — with its unique architecture options, on-demand delivery, and scale — can be used to improve security across an entire organization, including non-cloud environments.

Cloud-based environments have inherent security advantages. One example is how it can transform a user’s device to an access device, which can help to prevent potentially sensitive data from being compromised by loss or theft. Virtualized security, such as software-based firewalls and intrusion protection systems, can be turned up at the same time as your other cloud-based assets. That gives you tighter control over access and network resiliency. And when this virtualized approach is integrated within the network, it greatly simplifies the whole picture while increasing performance and scalability.


Learn more about managing growth and scaling your business’ possibilities with cloud services from AT&T.


Andy Daudelin Vice President of Cloud AT&T About Andy