Ispeak cloud security

7/13/2023

Brian Castagna, Senior Director of Information Security, Acquia, Inc

Brian Castagna is Senior Director of Information Security at the Acquia Cyber Defense Center. Acquia is a company that provides software and a cloud p.

Chief information officers (CIOs) today face a cloud conundrum with many competing stakeholder priorities. Stakeholders on the business side are seeking the robust feature sets, cost savings, and fast implementation times found in the cloud. Meanwhile, stakeholders in information security fear the cloud; more particularly, they fear losing transparency and control. And the CEO and board of directors expect CIOs to achieve corporate objectives, while often not fully understanding the tradeoffs that come with building infrastructure vs. buying cloud solutions.

As a result, CIOs often feel caught in an adversarial position, torn between maintaining security (and peace) internally and wanting to support smart investments in technology that help move the business forward. Making a bet on the cloud can also feel scary: the CIO’s title is on the line. The wrong technology selection can create immense business risk. And no one wants to harm their customers, their company or their own reputation.

Security in the cloud is more about managing risk than managing absolute security

Faced with growing movement toward cloud services, discerning CIOs need to ask the hard questions. What protections and service level agreements (SLAs) will we have for customer data? What about for information security and availability? Creating good cloud policy takes asking the right questions and building the right working relationships. Here are six areas of focus to help you better manage your organization's on-going transition to the cloud.

- Accept the New Normal: It’s happening: the cloud is here to stay. In most cases, you can’t stop this transition, but you can better manage your company’s move to the cloud. Accepting that fact and building internal processes that reduce risk to your business is the first step to moving to the cloud.
- Do Your Homework: Your best defense in the cloud is to complete robust due diligence for third-party vendors. Due diligence should be more than just a check box. Make sure your security team is integrated with the business early in the procurement cycle. Get third-party audit reporting from the cloud provider, such as SSAE 16, SOC 2, and PCI DSS. Have a conversation or in-person visit with the cloud provider security team. Ask for additional evidence to support your due diligence process.
- Create a Shared Responsibility Model: Understanding roles and responsibilities is the single most challenging aspect of moving to a cloud-based model. In the past, companies owned and managed every layer of technology including the hardware, operating systems, databases, and applications. But under platform as a service (PaaS) or software as a service (SaaS) models, the responsibilities are grayer. Work with your cloud provider early in the sales cycle to understand who is responsible for which security aspects of the cloud solution. Who owns what? Who does what? Establishing responsibility can be more complicated than you think, so be sure to ask detailed questions.
- Establish a Level of Visibility: Moving to the cloud, you won’t necessarily miss all of the mundane responsibilities of owning and managing your own infrastructure: buying servers, racking, cabling, patching, re-booting, security event monitoring, or getting a call at 2am, for example. What you will miss is the visibility in knowing that all of those tasks are being done, and being done correctly.