Which Governance Framework Is Right For The Cloud?

Which Governance Framework Is Right

Cloud computing is revolutionizing how organizations use technology worldwide and for a good reason, it leverages on economies of scale more than any application of technology in recent history. And with the economic stability of the world swaying back and forth, organizations and businesses are forced to embrace that which makes them more stable and compete in a shaky market. Cloud computing allows them to do just that as it leverages their business processes with high returns and low costs. But the aggregation of data and information in a single virtual space has its own risks –it becomes a prime target for attackers and opportunists. This is more in line with the concept of data gravity. As data becomes more massive, the faster it attracts other services, application, customers, and yes even attackers. It also becomes harder to move which only assures attackers that the data they want is in the same place at any given time.

Cloud computing has received the brunt of most recent high-profile security attacks and data breaches, giving cloud computing a bad reputation of being unsecure, which now makes it a scapegoat for any failed security measure. But cloud computing can become very secure no matter the architecture or type used, but this would require a strong governance framework.

The Solution: Security Governance Framework

A governance framework is essential for any concept of technology to succeed. There are different types of governance frameworks for most concepts like how to run the organization itself, as well as the different departments in an organization, and of course a dedicated governance framework for IT. But for cloud computing, perhaps the most important governance framework would be that for security.

As with IT governance which stretches across all of its facets, from the people to the whole organization, the cloud computing security governance framework must do the same. The framework must allow the CSO and CIO to oversee and assess all risks and manage them accordingly, as well as the security and compliance of the organization’s cloud environment.

This governance framework must allow for security, compliance, and all of IT and the rest of the organization to be synergized to make the cloud secure. And therefore must do some of the following things.

1. Educate your workforce. Most security breaches and attacks stem from negligence or ignorance from the basic building block of the organization, the rank and file. Most breaches are a result of something that internal users have done or failed to do, and to prevent such things from happening again or at all, they must be made aware of the dangers of some actions and must be educated with security measures which they should always comply with.

2. Audit compliance. Use an audit tool which can view the organization’s Vulnerabilities across the board. It is common for departments to be without contact with each other because they are not related whatsoever, and the solution to this is to create a framework for compliance across the organization which combines the different streams of information from different groups, giving security administrators a single overview.

3. Employ Identity and Access Management (IAM). This is one of the best ways to keep track of people who have access to sensitive data. This prevents or at least mitigates breaches and attacks from internal sources. Access management must be paired with a data logging solution which allows administrators to know who does what, when and where and that all changes are logged and audited properly.

4. Employ Security Information and Event Management (SIEM). The ideal cloud security solution should integrate the organization’s access management to secure a complete view of where the organization stands in terms of security. Security as a service is one solution that organizations may avail if they cannot provide their own.

5. Look for guidance but ensure your own security. Many organizations both government, academic, or private like the European Network and Information Security Agency (ENISA) and the Cloud Security Alliance (CSA) have published papers and guidance protocols for securing cloud environments. Organizations can consider them as guidance and must form their own way for securing their cloud based on the recommendations and incorporate their own twists into those depending on their needs.

Conclusion

A governance framework is essential for cloud computing but there shouldn’t be just one good way to do it. Since no two organizations are alike, it would make sense that no two frameworks are alike, but they would have a lot of similarities. But no matter the difference all organizations need a security governance framework for any cloud infrastructure that they may be using.

By Abdul Salam

Jen Klostermann

FinTech and Blockchain vs Traditional Banking

FinTech and Blockchain Growth "The Rise of FinTech - New York’s Opportunity for Tech Leadership", a report by Accenture and the Partnership Fund for New ...
Kayla Matthews

Here’s How AI Startups Are Doing in 2019

AI Startup Growth Now that artificial intelligence (AI) is part of the mainstream, companies are rapidly investigating what they can do to develop new AI ...
Sangeeta Chhabra

Why ‘Cloud’ Should Be A Skill In This Age of Automation

The Age of Automation It is astonishing how the world around us is changing rapidly. More and more companies are now planning their move to ...
Miha Kralj

SaaS Native – Design, Delivery and Management of Applications

Going cloud native, the right way Moving from a traditional IT organization to one that’s cloud native is an inevitability for all businesses. This is ...
Atman Rathod

How APIs and Machine Learning are Evolving? 

Machine Learning Continues to Make API Development Better  For any developer, API or Application Programming Interfaces come as the helpful components to add valuable features ...
Bruce Guptill

Resolving IT-Finance Asynchronization on Cloud Improvements

Resolving IT-Finance Asynchronization While CIO-CFO communications and alignment may never seem better, what is considered to be C-level, strategic “alignment” increasingly obscures realities that keep ...
Fog Computing.png