top of page
Writer's pictureRoy Urrico

InfoSec People Profile: Cloud Storage Security’s Steven Hess

Updated: Nov 18

CEO Leads Mission to Protect Data Across Industries


By Roy Urrico


Finopotamus presents InfoSec People Profiles, a series spotlighting individuals working in information security (infosec), cybersecurity and/or information governance to protect data and transactions at credit unions and other financial institutions, and fintechs serving the financial services industry.

Steven Hess, CEO of Cloud Storage Security (CSS).

Steven Hess, CEO of Salt Lake City-based Cloud Storage Security (CSS), which provides cloud-native security solutions designed for multi-cloud environments, told Finopotamus that he is on a mission “to tackle the complex data security challenges that our customers in healthcare, financial services, government, and other sectors face.”


Career Path Leads to Data Security


Hess grew up in Colorado, where he said, “the mountains and outdoor lifestyle taught me resilience and fueled a lifelong sense of adventure.” He graduated with a degree in statistics and economics from Colorado State University, which eventually led him to the Bay Area during the tech industry rapid growth era of the early 2000s. His career began in e-commerce and supply chain, but he explained he soon transitioned to healthcare technology, driven by the mission to improve patient outcomes.


“Over time, I gained experience across sectors like financial services, insurance, and payment processing, building and scaling data-intensive solutions for highly regulated industries,” he noted. Moving into data security was a natural evolution. “I’d seen firsthand the importance of protecting sensitive data and the high stakes involved in any failure to do so.”


Throughout Hess’s career, he always emphasized building and deploying technology solutions that support people and processes. “Working with a business process outsourcer early on refined my appreciation for technology as a tool that supports people. I still believe this: No matter how robust or elegant the technology, it is ultimately people who get the job done.”


Hess also founded a sports recovery and wellness business because “I believe in using evidence-based care to help people live fully.” And while Hess says his work is demanding, he still finds time for the outdoors. “I am an avid adventurer, and being out in nature provides the balance and perspective that fuels me professionally and personally.”


Current Role in Information Security


As CEO of CSS, Hess said his role is to drive innovation for the company’s cybersecurity and data protection products that have rigorous compliance needs. “I provide strategic direction for our talented team that develops malware protection and data loss prevention (DLP) solutions for multi-cloud environments, especially those that use AWS (Amazon Web Services) and Azure. Our robust solutions are also evolving to address other public and private cloud configurations, as well as on-premise setups.”


Hess emphasized, “Data security is the backbone of our mission. Our heritage was initially focused on the SMB (small and medium-sized business) market. I am deeply invested in helping CSS scale to support industries like financial services, healthcare, and government. By fostering a culture of collaboration and intellectual curiosity, my intent is to ensure that CSS continually adapts to meet the evolving needs of our clients, while also driving long-term growth, revenue expansion, and value.”


CSS’s Cybersecurity Operations


Hess described how CSS enables clients to classify data, detect malware, and ensure they remain compliant — all without moving data outside their environments. “We know clients operate with diverse workflows, so our platform is flexible, whether they’re managing hybrid setups, migrating data, or interacting with any number of external parties and their systems.”


CSS allows clients to monitor and secure data in place, Hess noted, adding that this approach helps prevent breaches before they happen and allows organizations to satisfy their data security, privacy, and compliance requirements. “Our commitment to adaptability is especially vital for industries where data protection and regulatory compliance are non-negotiable.”


He added, CSS also empowers organizations with comprehensive visibility, precise control, and the flexibility to manage and secure data across varied infrastructures. “Whether data resides in the cloud, on-premises, or moves between both, our solutions ensure that organizations can maintain robust security, meet compliance standards, and reduce complexity — regardless of how intricate their infrastructure becomes. CSS is purpose-built to evolve with industry needs, providing the resilience and agility necessary to navigate an ever-changing threat landscape.”


Threats Causing Sleepless Night


When Finopotamus asked “What threats keep you up at night?” Hess responded that his intellectual curiosity to understand the “why” behind the cybersecurity challenges drives him more than worry.


“First, bad actors are relentless and always adapting. Cybersecurity is not a solved problem; attackers evolve just as fast as technology does, so staying ahead requires constant vigilance and a willingness to question everything,” Hess said.


CSS operates, he further explained, with an “assume bad intent” mindset, which means they build defenses expecting cybercriminals to potentially testing any vulnerabilities. “This contrasts with my outlook on life, where I always assume good intent; but in cybersecurity, it pays to be cautious and even suspicious.”


Directly behind bad actors is the reality of human error, said Hess. This consists of “well-intentioned people making mistakes in complex environments.” Because a single misconfiguration can expose serious vulnerabilities, CSS’s designs its tools to help detect and protect against risky settings, reducing the potential for error that results in cloud configurations. “This layered approach, guarding against both external threats and internal oversights, is what keeps me engaged and pushes me to stay curious, always seeking ways to improve our ability to protect data and support our clients.”


Cybersecurity Dangers to Credit Unions and FIs


“Credit unions and financial institutions face unique challenges, starting with the critical need for data privacy and regulatory compliance,” stated Hess. “These organizations must navigate complex state and federal regulations. NCUA has put together an excellent examination program that ensures credit unions have the appropriate data security measures in place to mitigate any cyberattacks.”


CSS’s solutions, according to Hess, help credit unions meet the stringent requirements put forth by NCUA by providing classification and visibility tools that secure data in place, ensuring compliance without requiring data transfers or movement across environments.


“A major concern for credit unions is certainly the growing threat of sophisticated malware and ransomware,” said Hess. “Handling sensitive member data makes credit unions prime targets for cybercriminals. CSS’s ransomware defense and malware detection capabilities help financial institutions detect, isolate, and prevent these threats directly within AWS and Azure, keeping data secure in the cloud.”


Cloud misconfigurations also pose ongoing risks, he noted. “With many institutions operating in hybrid and multi-cloud environments, even small configuration errors can open significant vulnerabilities. CSS provides insights into cloud settings, enabling proactive identification and remediation of risky configurations.”


Resource constraints are also a real challenge, especially for smaller credit unions with limited budgets and IT staff, explained Hess. CSS’ design makes it scalable and affordable, delivering enterprise-grade security without overstretching resources. “This flexibility helps credit unions protect member data, meet regulatory standards, and provide peace of mind for their communities.”


A key lesson Hess learned from working in healthcare is that hospitals and health systems do not have customers — they have patients, people who trust them with their most sensitive data. “I see a strong correlation between that mission and the purpose of credit unions, which prioritize serving their members over profit and earnings. To fulfill this mission, reputation and trust are paramount.”


While the cost and time required to recover from a data loss are incredibly high, trust is something far more difficult to restore, and often it is not possible, advised Hess. “So, protect the data, protect your members, and continually demonstrate that you’ve earned and respect that trust.”

bottom of page