Cloudy Crystal Gazing: Top 5 Cloud Security Predictions for 2022

Predicting the near future, especially in the world of cloud security, can be fun and eye-opening. In this episode of the Security on Cloud Podcast, we welcomed Dr. Michael J Savoie, President & CEO of HyperGrowth Solutions and Clinical Professor in the Ryan College of Business at the University of North Texas, to discuss the top 5 cloud security trends and predictions to watch in 2022. 

Follow along as we discuss these 5 cloud security trends:

  1. Third-party cloud security and compliance requirements will evolve to include the location of data and applications. [06:40]  
  2. IoT (Internet of Things) devices will require additional security and compliance standards to address the magnitude increase in data flow through the cloud. [11:26]  
  3. With modularity becoming the norm, your level of cloud security will be based on the level of the weakest link of any connected device or cloud. [18:00]  
  4. New cloud security protocols will be required as Blockchain becomes the norm rather than the exception. [23:16]  
  5. It will become increasingly difficult and competitive to procure your cloud security and compliance budget unless you can show how it is tied to the bottom line of the business. [28:25]

More Ways to Listen: iHeart Radio | PandoraApple Podcasts | Spotify | View All

Episode Transcript

John Vecchi: Welcome, everybody. You’re listening to the Security on Cloud Podcast live on Anitian Radio. I’m your host, John Vecchi. 

Scott Emo: And I’m Scott Emo. Imagine if we could predict the future just how much easier would our life decisions be. Like, “Wow, I should have never dated that girl back in college,” or, “I should have held that stock just a little bit longer.” But predicting the near future, especially in cloud security, can be both fun and eye-opening, and that’s exactly what we intend to do today. 

John Vecchi: Yeah, that’s right, Scott. ‘Tis the season for trends and predictions as we kick off the new year and we’re going to cover our own list of top predictions today on the Security on Cloud Podcast. We’re all about trends in cloud security and compliance and diving into some of the top ones for 2022 is a great way to give you all a bit more insight into what may lie ahead and what actions and preparations you might want to be thinking about to prepare for the year ahead. With that, I’d like to welcome today’s very special guest.  

He’s an internationally recognized public speaker, an award-winning college professor, four-term mayor, and advisor to federal, state, and local governments. He’s been featured on numerous TV programs, webcasts, and newspaper articles around the world. He currently serves as the President and CEO of HyperGrowth Solutions, a company specializing in the integration of business and technology, and he’s also a clinical professor in the Ryan College of Business at the University of North Texas. He’s given not one, but two TED Talks discussing modularity and the internet of things as well as why end-users should be part of the network. Coming to us from Justin, Texas, I’d like to welcome our guest, Dr. Michael Savoie. Michael, thank you so much and welcome. 

Dr. Michael Savoie: Thank you. Well, thank you, gentlemen. I appreciate it. It’s a pleasure to be with you today. 

Scott Emo: Michael, before we get going and dive into all the topics, can you tell us a little bit about HyperGrowth Solutions and how it ties in with your background and experience. 

Dr. Michael Savoie: Sure. Be happy too. HyperGrowth Solutions, or HGS as we refer to it, began in 1998 to deal with, as you might expect, companies experiencing hyper-growth due to the explosion of the internet. In HGS, we focus on the integration of disruptive technologies with the business activities of an organization. We tie those activities to the company’s key performance indicators. In essence, we focus on the holistic business, not just the technology, because disruption occurs in the entire business, not just in the technology space. 

John Vecchi: That’s phenomenal. That’s interesting. I think you’ll talk more about how that ties in, right? Welcome, by the way. Today we’re going to cover, what, up to five predictions? How many are we going to cover today? I know you probably have more than that, but I know you cherry-picked the right ones for today, right? 

Dr. Michael Savoie: Yeah, so I think we’ll get three to five in there, depending on the number of questions y’all come up with as we start to talk through this. 

John Vecchi: That’s fantastic. Excellent. Alright, what do you say we kick it off, Scott? What do you say? 

Scott Emo: Before we even get into the predictions, I think our listeners would love to hear how you go about coming up with all your predictions. What process are you using to come up with these? 

Dr. Michael Savoie: Back in the early ’90s, when we started working with the internet and dealing with disruption, forecasting models don’t handle disruption well. So, if you have a forecast model, most of the traditional models are based on history, so you need to have historical data and a continuing trend if you will. A short way of explaining this is “you can’t predict the future if you don’t have the past.” With the explosion of the internet in the late ’90s, everything was changing so quickly that the forecasting models simply weren’t working, so we started looking at that and realized that disruption causes innovation. A lot of people will sit there and go, “Innovation causes disruption,” but the reality is disruption causes innovation, and so those two things are tied together. 

We develop what’s called “wave theory.” Wave theory basically goes in and looks at a number of different “waves” or drivers of the environment. There are socioeconomic drivers. Most people probably in your audience are aware of Maslow’s hierarchy of needs. With Maslow’s idea, these are what we call “base waves.” A base wave would be “you’re not really worried about safety if you’re trying to survive.” The example I use all the time is cavemen would go out and attack a saber-toothed tiger, even though they knew it would kill them if they were starving to death. If they had just eaten, trust me, they’re hiding from their saber-toothed tiger, right, so safety becomes more important. 

We look at all these different waves that are out there. We start with the base waves of survival, safety, social, and then we move up from there into the things we’re dealing with today it may be convenience, privacy, security, legal, regulatory and we analyze how all of those things interact with each other, and then that allows us to bridge the disruption that’s occurring and predict how the waves will drive the market, which manifests in the products and services that we see in the future. That’s what wave theory is, that’s what we use, a very short version of it. 

John Vecchi: That’s phenomenal. I love the whole idea that it’s the disruption that drives the innovation, which is so true in many ways, so I love that. It sounds like we are we’re in for a treat on some of the things you’ve been seeing, specifically applying that type of an approach. We’ve got five trends we’re going to talk about, so how about we kick it off? Let’s look into your crystal ball. What’s one of the first trends you think we should expect in 2022?  

Dr. Michael Savoie: When we talk about cloud security, there are a number of different aspects that we’re looking at and a number of different drivers that are involved in this, but the first trend I’d like to talk about is this concept of third-party cloud security and compliance requirements evolving to include the physical location of data and applications. I think that’s one that we’re seeing already, but I think it’s going to continue and accelerate as a trend as we move forward. 

Scott Emo: I thought that when people move to the cloud, a lot of times they don’t care where their applications or data resides. That’s one of the things that people have in their heads like, “Well, shoot, it’s just in the cloud.” Can you go into this a little bit more? Because I don’t quite get why you think data and application location is going to be an issue in the cloud. 

Dr. Michael Savoie: Scott, I think you’re spot-on. Most of us sit there and use the cloud. I use it, just like everyone else, right? I put data in the cloud so that no matter where I am in the world, I can access my data. That’s the way we tend to think of it. But when you start talking about security, one of the things we’re seeing, especially right now it’s being driven mostly by federal governments, but they’re coming in and they’re saying, “No, we want to know physically.” For instance, in the United States, if you have a federal government contract in the United States and you are working with data that has any level of security on it, that data must be kept within the boundaries of the United States. It cannot go outside. 

We have a client we’re working with right now in Europe and they’re involved in some stuff that has to do with GDPR and they’ve been told point-blank by the European Union (EU), “The data cannot leave the EU,” and so that’s where we’re starting to see this. That’s not really the way we originally set up the cloud to operate. The idea was that you would put your data centers wherever you wanted to and if the data was available wherever you were, everybody was happy, but that’s not the trend we’re seeing now. We’re seeing more and more contracts that are starting to reference that the physical location of the data needs to be specified within the contract. 

John Vecchi: Michael, do you see commercial compliance mandates that will also start requiring that? In other words, for sure government, right? I mean, you look at federal space and the EU and there are companies that do a tremendous amount of business or are just going to offer your business in the European Union, for example, that’s massive. Are there other mandates that companies may get up against that will require this? 

Dr. Michael Savoie: We’re starting to see more and more companies that are starting to specify where they want the data located. For instance, you may have somebody like IBM that’s both a federal government contractor and is working a lot in the private sector, but they may come in and start specifying this. We’re starting to see this in the contracts to their cloud providers of saying, “Look, we want data to be moved within a specific geographical location,” so it’s not just the governments that we’re seeing, we are seeing some of the private industry doing this as well. 

One of the examples  and it’s a great example for your audience to understand we had a client who was working primarily in the private sector, but they were a sub of a sub that was doing some government work. They happened to move some data from the United States into Canada and then back into the United States and they lost that contract because it violated the prime contract with the federal government to do it. As I said, we’re seeing it at the federal government level, but it’s working its way down into all of this.  

If you look at AWS, if you look at Azure platforms and stuff, three, four, five years ago, you didn’t know where they put your data. They didn’t tell you and it wasn’t readily available. Now, you can go online and you can find out exactly which data centers have your data. So it’s becoming top of mind to people now, and if you’re operating in the cloud space, especially if you’re operating in security, you’re going to see this in your compliance documents where it’s going to say, “Hey, you need to at least reveal to us where the data is being stored.” 

Scott Emo: That makes total sense now, the way you frame that, so thanks. I like that prediction. I think that’s going to happen. Let’s shift gears. Do you have a second prediction or trend? 

Dr. Michael Savoie: The second trend has to do with Internet of Things (IoT) devices. I think everybody in the audience is aware that IoT is exploding everywhere. IoT devices, by their very nature, the way they were designed in the very beginning and the way they’re built now, is they do not include security on the IoT device. As we start to connect these devices around the world, we need to be aware that the security and compliance standards are not there. As you start to drag this data in, if you will, from the IoT devices, that this stuff starts to increase by magnitudes into your cloud, you need to be aware that this data is coming in completely devoid, in most cases, of any type of security protocol at all. 

John Vecchi: This is a big one as I see it. It’s exploding. I think in terms of IoT as kind of like where we were with the first versions of laptops and the internet when things weren’t secure at all. You think in terms of organizations can have 1,000 IoT devices with multiple of them touching multiple employees, all potentially able to connect back to their cloud environments. Some of these IoT devices are almost like super minicomputers. They’ve got multi-gig hard drives on them and they’re as hackable as anything they have. How should people be thinking about this massive area? 

Dr. Michael Savoie: John, you touched on a lot of things here. It’s important for the audience to understand that we’re not just talking about data that’s stored in the cloud, we’re talking about data that’s moved through the cloud. I’ll use this example because I love this one. We worked with a client in Las Vegas where a casino was hacked and we were looking into the hacking and what exactly happened. What turned out to be the point of entry was an internet-connected thermometer in a fish tank in the lobby of the casino. 

That’s really what your audience needs to take away from this. People are connecting their lawn sprinklers to the internet and have different devices all over the place and they go, “Well, I’m not really storing data. It’s just texting me on my cell phone to tell me what’s going on.” But that data is moving through the cloud and if that data moves through your data center, you need to understand that there’s no security protocol or minimal protocol, depending on what we’re talking about on that data as it comes in. If someone wants to piggyback, as in the case of the internet thermometer in the fish tank, and wants to hop on there and ride it in, the question is, how far into your systems are you allowing this data to go? 

That’s where we see so much of the issues now that we’re coming back and going, “Okay, these are the issues we’re dealing with.” We’ve had a grocery store chain that was hacked through their smart meters in their refrigeration systems. One of the damages they did was that they turned the refrigerators off, and so they lost $50,000 worth of inventory because the refrigerators were turned off. We have story after story of these types of things and as we connect more and more devices to the internet, it creates more and more access points that we need to be aware of. We need to make sure that our cloud is monitoring that data as it either comes in or it flows through. Either way, we need to be aware of what’s going on. 

Scott Emo: That is so true. Some of those are classic stories and you hear about different IoT devices getting hacked all the time. 

Dr. Michael Savoie: Mm-hmm (affirmative). 

Scott Emo: What’s interesting is you brought up, it’s not only just the hacking part, but it’s the data moving from cloud to cloud. We’ve talked about zero trust before on the podcast and only those with the ability to access can get that access. IoTs are not designed with zero trust in mind at all, so that’s a great point. 

Dr. Michael Savoie: It’s what we talked about before with the waves. Waves compete with one another. So privacy and security, we have those different things that go with them and zero trust and data access tend to compete with one another. We all want the data when we want it, where we want it, how we want it, and yet we aren’t really thinking about: A.) is the data good? B.) is it coming through a secure channel, a “good” channel? Is it being routed through secure areas? So zero trust tends to focus in on that type of stuff and go, “Hey, we need to make sure we’re getting it,” but you and I are sitting there going, “latency, latency, latency. I want my data when I want it,” and so we have those competing waves we’re looking at that all the time in terms of how is it affecting the flow of data and the security and compliance protocols. 

John Vecchi: Yeah, boy, we could spend an entire podcast just talking about this, it’s so massive. You think about these devices and God only knows how out-of-date the firmware is on any one of these, sometimes it could be years out of date, just think about your iPhone not updating for three or four years. That’s what some of these devices are like. And the implications on the cloud are incredibly deep and complex. That’s a big one. We may have to have you back and just literally dive into that one. Let’s move on to trend three. What’s the third trend you have? 

Dr. Michael Savoie: The third trend actually feeds off of the first two. The third trend we’re seeing is modularity entering into cloud security. Let me explain what we’re talking about there because a lot of people will sit there and go, “Well, modularity? We have different data centers.” Different data centers are not modular. Modularity is when we’re talking about integrating various clouds. The most common one we think of is a hybrid cloud, where you have a public-private, right? Most people are aware of that. They go, “I have a private cloud and I have a public cloud. I integrate the two and now I have a hybrid cloud.” But you really aren’t integrating, what you’re really doing is you’re modularizing. 

As you start to flow magnitudes of data in and out of your cloud, it may be stored and it may not be stored, it may just be moving, right? The question is, where is it coming from and how is it routed to you? If it’s coming from multiple different clouds, and it may be multiple public clouds, it may go through a private cloud somewhere, it may go through a hybrid cloud, and then it comes back out. There are several different ways these things connect. 

I think the simplest way to think about this is to think about a launch sprinkler system. You’ve got a number of sprinkler heads that are out in the ground. They’re measuring moisture content in the ground, they’re measuring sunlight, they’re measuring temperature, they’re measuring humidity and they’re feeding all of that back to a central controller that’s usually in your garage. That controller is then connected to the router in your house, which allows the controller to communicate with you on your phone or your laptop or whatever it is you want. Same thing with the Ring doorbell, a Nest thermostat, any of these types of things. 

Now magnify that by, I don’t know, a million, a billion, and you start to see the problems that we’re dealing with. As modularity becomes the norm, because that’s what it’s going to do; the internet is called the internet because it’s a network of networks, that’s what it’s created to be and we’re driving the network into our very existence and everything we do. So as modularity becomes the norm, what you’re going to see is from a security and compliance standpoint, where is the weakest link in this network or these modules that are out there? That’s where your security is going to have to start looking. You can say all day long that your cloud is absolutely secure. Scott, you said earlier, “We have zero trust. We’re rock solid,” right? But where’s your data coming from and how secure is the cloud where it’s coming from? Even if you don’t store it and it just flows through, how secure is where it’s coming from? There are millions if not billions of access points and that becomes a major issue. We have to start thinking, in terms of cloud security, it’s based on the weakest link of any connected device or any connected cloud. 

John Vecchi: You can see with the complexity of everything and so many modular connection points and different types of clouds and hybrid clouds how that could be overlooked. That’s a mindset that has to be seen; out of all these data points, what is the weakest link? Because you’re often going to start with what you’re comfortable with like, “my primary cloud on AWS or Azure is very strong and my private cloud’s strong,” but you’re overlooking the fact that you have multiple connection points and modular connection points. I think what you’re really saying is that those need to be viewed as, “what is the lowest-level, weakest one of those?” and that’s essentially the state of your security. Is that the way to think about that? 

Dr. Michael Savoie: That’s exactly the way to think about it. I mean, think about an organization where you bring your own device and you allow your devices to connect to the network. Well, your phone is a modular cloud. That’s what it is. It’s connected through Bluetooth to your car, it’s got a connection to your Fitbit, or your Apple Watch, or whatever. We don’t think of it that way, but we need to start thinking of it that way. 

Scott Emo: That is so right. The whole “weakest link” concept. Your network is a full chain and everybody’s got to look at that full chain. Any bad guy is going to look for that weakest link. 

Dr. Michael Savoie: Mm-hmm (affirmative). 

Scott Emo: That’s really good. I can’t wait to hear number four.  

Dr. Michael Savoie: Well, Scott, you gave us a great segue into number four by mentioning change, right? The fourth prediction is really what we’re looking at with blockchain. Blockchain is a game-changer. If you have a lot of listeners that are all old like I am, a lot of us look at that and go, “Isn’t this the old peer-to-peer networking we played around with in the ’80s and ’90s?” The short answer is, “yes” but the longer answer is, “yeah, but it’s a lot different.” 

Blockchain is now becoming the norm. We’re not there yet, but what we’re seeing especially in the financial sector where blockchain is significantly ahead of everywhere else. My area of research is really around supply chain and digitalization of supply chain, where things like smart contracts are becoming a big deal. As that comes along, we really need to look at our current security protocols and go, “Okay, is my protocol set up to where it can work with this new blockchain environment? Or do I need to do modifications to get it there?” 

We need to take those steps now so that we’re ready for this when it happens because I predict that blockchain is going to move very quickly. It’s going to move around the world very quickly. Like I said, in the supply chain, we were just kind of playing around with this stuff back in 2017, 2018, 2019, and then we had COVID-19. COVID didn’t phase us in the least bit. The global supply chain’s going to come out of COVID-19 very much focused on blockchain. 

Just a quick aside for your listeners here, a lot of people hear on the radio and television and stuff that the supply chain problems we’re having today were caused by COVID, but they weren’t. We had the supply chain problems prior to COVID even happening, COVID just made it to where we all got to see it. But a big part of that disruption is the innovation of blockchain, and we’re seeing that innovation come in. So when we do come out of this, if you aren’t ready for blockchain and your cloud isn’t ready to deal with a blockchain flow of data and isn’t able to deal with the compliance issues and stuff that start with that, you’re going to be at a major disadvantage. You need to start now to make sure that you’re set up to deal with this. 

John Vecchi: Yeah, I think you’re right. I mean, we look at many things that happened from COVID and the COVID economy. In fact, Scott and I are working on a piece of research with Ponemon right now that will be published soon called “The Post-COVID Cloud Boom” where organizations were kind of caught off guard and suddenly, they were all remote and they needed all kinds of new applications and/or they needed to just get to the cloud. I think your prediction that there’s also going to be a blockchain boom it’s almost like a parallel economy when you think about it. It’s absolutely here and I would agree that it’s here to stay. I think that the difficulty for some is not only just trying to absorb what the blockchain is and how it works, but how will their cloud providers help them? When you think about that, will cloud providers be able to step up and help with this, or are they on their own preparing for blockchain? 

Dr. Michael Savoie: I think it’s fascinating, John, because you’re spot-on. If we cut through all the wonderful technology advances we’ve had over the last 20 years, the reality is that at its base core, we still operate on a server-client environment. That’s our approach to things, right? Blockchain is not that. Blockchain is really the dissemination of the computing power across the network. As you start to look at these data centers and you start to look at your cloud providers and stuff, the question becomes, “What is my role now in this new supply chain?” As we start to diversify, modularize, and move all the things we’ve talked about, where do cloud providers fit into that? What are the value-added services that they now provide? There are a lot of them out there, but I would argue that they’re probably not directly aligned with the way that you’re operating today. 

Scott Emo: I think that sounds spot on, but that one’s going to be a tough one to overcome. 

John Vecchi: Yeah. Another topic we could spend an entire podcast on.  

Scott Emo: Exactly. Speaking of, I don’t want to run out of time, I want to hear your fifth prediction.  

Dr. Michael Savoie: The fifth prediction that we’re looking at has to do with economics. The question now becomes, “How do we operate in this new kind of emerging environment?” What we’re seeing is that it’s going to become increasingly difficult and competitive to procure your cloud security and compliance budgets. So, we’re talking about your cloud security and compliance budget. It’s going to be more and more complicated to get that budget unless you can show how it’s tied to the bottom line of the business. 

I spend a lot of time with C-suites and with boards and every one of them now is coming back and going, “Okay, I want to tie all of these expenditures to the bottom line of the company. You’ve got to tell me what the business value is of me investing in this security or investing in this compliance.” Just like we’re all tired of COVID and we’re tired of hearing the government tell us to lock down and this and that and everybody’s just kind of going, “You know what? I’ll just live with it. I’ll figure it out,” We’re seeing a lot of tiredness on the part of the C-suite and the boards with being told, “Oh, you need to spend money because what happens if you get hacked?” The boards are coming back and they’re going, “You know what? If you want the money, then you tell me what’s going to happen when I get hacked. I want to know the future today. Before I give you the money, I want to know exactly how you’re going to use it on and how it’s going make me safer.”  

One of my favorite stories in this space was when we were working with a company and their board and the board was really kind of like, “Eh, we won’t spend money on security. We’ll deal with it when it happens.” Well, when it happened was 5:30 in the morning when the board chair, a wonderful lady I think the world of, had a knock on her door at 5:30 in the morning and she opened the door to a full camera crew wanting a comment from her on the fact that they had just had 30 million records stolen out of their database. At that point, security became real to her. 

We, as security people, need to figure out how to make it real before that camera crew shows up at 5:30 in the morning. We need to figure out how to go back to people who are not technical or security personnel and be able to explain to them why this expenditure of funds is going to benefit the company. Saying “it’s going to protect us” is not a benefit to the company, so we really need to look at how we’re doing this and how we’re tying the budget requests that we have and the activities we have underway to the key performance indicators of the organization. 

John Vecchi: It’s a huge one and for a lot of security leaders, this is hard. This is a podcast sponsored by Anitian, and everything we do revolves around empowering business growth. In other words, we don’t want to talk about, “Yeah, we do complicated stuff. We automate security and compliance in the cloud.” Because if we said that, who cares?

… Security people need to figure out how to make it real before that camera crew shows up at 5:30 in the morning. We need to figure out how to go back to people who are not technical or security personnel and be able to explain to them why this expenditure of funds is going to benefit the company. Saying “it’s going to protect us” is not a benefit to the company…”

Dr. Michael Savoie: Right. 

John Vecchi: Really, it’s what are you going to do for me and my business? If we can then tie it to the fact that we’re enabling business growth by alleviating things that others would otherwise need to do while also making you more secure. You can tie that back to driving the business but what you’re saying is that that’s expected now. What are you doing to help drive the business? How does it tie to a business case? Just saying, “Wow, we’re security. We need to have this because it gives us protection,” is not going to cut it anymore. Is that kind of the way to think about that, Michael? 

Dr. Michael Savoie: That’s it, John, that’s spot-on. That’s exactly what we’re dealing with. There’s a very fine line between warning people of danger and becoming the boy who cried wolf and we need to be very careful where we are with that. Security is absolutely critical, but you’re not going to see security every day, right? Security is protecting you. It’s when security doesn’t protect you that everybody sees it. So we need to make sure that we’re working to those bottom-line numbers, working our budgets, and working with the business folks in business language as to what we’re actually doing for them. 

John Vecchi: In your business and your company, do you get companies asking you how to articulate how to build a business case? I mean, it just occurred to me, that’s something people will need. I think it’s hard, right? 

Dr. Michael Savoie: Yeah, and John, it’s probably becoming the largest practice in our business now. I just signed one last week where we’re going in and they’re implementing an enterprise resource system (ERP). It’s an incredibly expensive and complex system in the company and we’re going in specifically to write up how that’s going to be presented to the board, to the stockholders, and the stakeholders of the company. I’m just a translator, right? They give me the language of security and technology, I translate it into the language of business, and we put it back in the hands of the folks who can see it. Our goal is to get at everybody on the same page.  

As you and Scott well know, when we’re dealing with technology, especially advanced technology like cybersecurity and the security and compliance in the cloud and stuff, it just goes right over people’s heads, it really does. You’ve got to be able to bring it down. People will say, “Well, you just dumb stuff down” and I really argue with that point because our goal is not to “dumb it down” but rather change the language so that the intelligence of what you’re doing is communicated in a language that the business and non-technical folks can understand. Because if we’re just dumbing it down, it’s going to come back to bite you. It does every single time. 

Scott Emo: John and I always talk about time to revenue which is a specific business need that a lot of our customers are looking for. 

Dr. Michael Savoie: Yeah, Scott, that’s a perfect example. Time to revenue is great. If a board member says, “Hey, you’re telling me this. What’s my return? When am I going to see value from this?”, and you go, “I don’t know, it’ll be six to 18 months,” you’re not getting a dime. It’s just the way it works.  

I just finished this with a CIO who did this and he said he spent 20 minutes trying to explain to the board. Instead of just saying, “It’ll be six months,” he tried to explain, “Well, it could be six months,” but if these things happen, it could be eight months, but if this happens, it could be four months, blah, blah, blah. After 20 minutes, the board chair just went, “You know what? You’ve confused everybody here. Why don’t you go back and think about it and maybe you can come back to the next board meeting and explain it?” He lost his budget for three months and now had a delay on a budget that he really needed to get that day. After the meeting, he came up to me and said, “I’m so mad. I’m so frustrated. We really need this money.” I said, “Why didn’t you just say that? Why didn’t you just explain why you needed the money?” He said, “Well, I was trying to answer the question intelligently,” and I said, “It didn’t work.” 

John Vecchi: Yeah, it’s so true. These are so practical and that’s another big one. I think we could literally dive into every single one of these trends and spend a lot more time on them, but I think you’ve given our audience a lot of things to think about. I mean, what better way to end this episode than with the idea that security can really be a business growth enabler, but how the heck do you articulate that, and how do you put that into words that can be understood by the executive team and the board? This is another area we could spend a lot more time on. 

Dr. Michael Savoie: Well, I appreciate the time to spend with you. I’ve enjoyed it immensely and if any of the folks in the audience have any more questions or want to reach out and ask, get more information from us, they’re welcome to do that. They can reach us at HyperGrowth Solutions. The easiest way to get to our website is to visit and they can see what we’re doing and the different areas that we’re working in. They can also reach out to me through LinkedIn or they can reach out directly by email at I’m very simple when it comes to emails and stuff like that and we’d be happy to follow up with any of your listeners that have questions. 

John Vecchi: That’s phenomenal. I think, audience, listen, I mean, Michael’s there. That’s why I thought for sure you’re probably getting companies and loads of people wanting you to help them with the last trend we just discussed, though, so thanks for sharing your contact details. It’s fantastic. Thank you. 

Dr. Michael Savoie: Oh, not a problem. Thank you for having me on the podcast. 

Scott Emo: Remember, the Security on Cloud Podcast is brought to you by Anitian, the leading cloud security and compliance automation provider, delivering the fastest path to security and compliance in the cloud. 

John Vecchi: Awesome. Thanks, Scott. Again, thanks to our guest, Dr. Michael Savoie. Until we meet again, I’m John Vecchi. 

Scott Emo: And I’m Scott Emo. 

John Vecchi: See you next time on Anitian Radio. 

About Our Guest

Dr. Michael Savoie – CEO | Board Member | College Professor
Dr. Michael J. Savoie, Ph.D. is an internationally recognized public speaker, award-winning college professor, four-term mayor, and advisor to federal, state, and local governments. He has been featured on numerous TV news programs, webcasts, and newspaper articles around the world. He’s the founder and host of “An Afternoon With…” technology webcast (2010-2013). Dr. Savoie currently serves as President and CEO of HyperGrowth Solutions, Inc., a company specializing in the integration of business and technology, and as a Clinical Professor in the Ryan College of Business at the University of North Texas.