Four Points About Cloud Security
Four points about Cloud Security that CISOs would be well advised to put on their boards
When I meet with administrators to address the issue of cloud security, I realize that they usually fall into two groups. The first, smaller, brings together those who do not support the migration of their corporate data to cloud platforms for security reasons. The second group, which is also the most important, brings together those who say they are concerned about cloud security, but have nevertheless rallied to the cloud, voluntarily or not. Their businesses use platforms like Office 365, Salesforce, and Amazon Web Services, which means they combine the cloud with data storage. And if they have already "jumped", they have not necessarily weighed the security risks involved in this decision.
Regardless of which group your board fits into, it is important to involve CISOs in cloud thinking so that they can explain to the company's top managers why security cannot be neglected. To this end, here are the four points that CISOs would be, in my opinion, well advised to raise with the administrators during these (somewhat delicate) discussions concerning cloud security.
The cloud is a risk like any other
Boards are more aware of the importance of cloud security when the wording refers to the risks that the company faces. Administrators arbitrate daily risks, of which the cloud is a part. In thinking about cloud security, they need to ask themselves the same question they would raise in any other risky context: To what extent do we reduce the severity of business risk by deploying data in the cloud?
Each cloud application has a different dataset that each institution will have to evaluate differently. For example, if a company stores consumer-oriented marketing materials in the cloud, the impact of a potential document leak would not be very serious. On the other hand, if that company stores the source code library of a new product in cloud mode, leakage of the source code in question would have a more dramatic impact.
The native security of a public cloud is insufficient
Boards need to know the basic mechanisms of the public cloud and how it is secured. Almost all cloud operators integrate, in one form or another, native security into their platforms. In many cases, the type of security offered by these providers is considered sufficient, wrongly. In fact, cloud security is the shared responsibility of businesses and public cloud providers: the security of the platform infrastructure is managed by the cloud operator, and the security of the data is the responsibility of the business.
In reality, data in the cloud is neither more nor less secure than data stored elsewhere in the enterprise. Therefore, if you intend to enhance the protection of non-cloud-based data with additional security measures, do the same for data stored in the cloud. Not to mention that your cloud security measures need to be seamlessly integrated with the rest of your security architecture and communicate with it in an ultra-automated way. In doing so, your business is much more likely to prevent a potential cyber attack from resulting in a data leak.
Cloud security is not a different type of security
In many cases, cloud security is perceived as a different "type" of security requiring a different approach. Faced with an interlocutor who expresses this opinion, I invariably ask him the same question: Would it not be ideal to manage the security of cloud services in the same way that the company manages security within its scope, in the Data Center and on mobile devices?
Not only is it possible, but if there is a way to prevent successful cyber attacks – in the cloud, on the network, or on workstations – boards of directors must endorse a consistent approach to managing enterprise-wide security. CISOs are aware that managing and orchestrating multiple security and product strategies complicates security environments, leaving the door open to errors, risks, and costs. By drawing directors' attention to these potential risks and costs, they will be better able to assess, identify and, in the process, prioritize.
The principle of prevention involves securing the cloud
The most innovative boards I have met adhere to the principle of prevention in cybersecurity. This principle means ensuring consistent visibility and protection across the enterprise, whether it's at the Data Center, within its perimeter, on mobile devices, or in the cloud. With the help of their CISOs, these administrators understand that, to prevent intrusions, the prevention objective must condition any investment decision in the field of security. To convince their boards of directors, CISOs must demonstrate to them that a global security approach – cloud security included – is ultimately able to neutralize the risks for the company and to prevent cyberattacks.