Cloud Security: How Can GRC Help?

Cloud Security

An integrated GRC approach to cloud acceptance, adoption and scale includes the risk perspective from the beginning. Harnessing the power of cloud security with a GRC framework can promote and improve information security practices and drive better business performance.

One of my favorite Dilbert cartoons shows Mordac, the “Preventer of Information Service,” saying, “cloud computing is no good because strangers would have access to our data.” Dilbert tries to explain that encryption technology is trustworthy—certainly more trustworthy than Mordac himself. The grain of truth here is that, within any organization, there are still mixed responses to cloud computing.

Today, enterprises are adopting cloud computing in a big way. According to CIO.com, the National Association of State CIOs (NASCIO) recently surveyed its members and reported cloud adoption is the second biggest priority for CIOs, only after cybersecurity. But CIOs today are still choosy about what data they want to place in the cloud. The majority have asserted that they do NOT want to put confidential company financial data or credit card data in the cloud. Makes sense—personal information data leaks are terrible PR.

Simply stated, the perception of cloud computing at most companies is mixed. Those advocating for the cloud speak to its improved agility, flexibility, high performance and lowered costs. Those who are still on the fence are concerned about data security, decentralization of their IT team, service reliability and the loss of control over their IT ecosystem. Both sides of the debate have valid points.

10 Key Imperatives

To increase acceptance and adoption of cloud computing at your organization, there are ten must-haves that can be sub-divided into two groups – infrastructure imperatives and information security imperatives. The first set is the infrastructure imperatives, which affect the cloud-hosting environment:

Federated identity management & access control – The cloud-based system must permit several users at a time, with differing levels of access to ensure proper segregation of duties.
Centralized control and visibility over the IT landscape – The IT manager should have the capability to monitor and manage the system from a centralized console.
Dynamic failover protection & data replication – The system should guarantee 99.5 percent reliability as a minimum.
Automated application performance management – For a uniform user experience, the system should ensure performance as per the service-level agreement (SLA).
Network segmentation – The ability to segment and segregate the networks, across various customers, will ensure minimal propagation of any cybersecurity issue.

Given the proliferation of cybersecurity threats and vulnerabilities, the remaining five are information security imperatives, which apply to both hosted environments and others:

Continuous threat and vulnerability assessments – Data center security needs to be assessed regularly to ensure adherence to latest information and network security standards.
Security upgrades and monitoring on demand – Monitor security posture and ensure that regular updates are being provided as per the latest set of cyber-threats.
Meta-data driven information security – Analysis of meta-data being generated across the security and system logs will identify significant, potentially malicious, patterns.
Continuous control monitoring of policies – It is vital to have continuous monitoring and adherence to security, access and other policies across the cloud.
Virtualized security & perimeter controls – The security and perimeter controls need to percolate to the virtualized machine level.

How can we achieve these imperatives across cloud-based deployments?

The enterprise needs to implement a robust governance-risk management-compliance (GRC) framework across the complete cloud infrastructure, which can act as the single source of truth across all regulatory compliances, security and access controls, as well as risk and vulnerability assessments.

Wish list for a GRC Framework

Basic Components

First, let’s look at the “bare minimum” requirements for a GRC framework for cloud computing:

Continuous system monitoring – Feed regular system related logs and reports into the GRC framework for continuous risk assessments.
Penetration Testing audits – Audit the third-party penetration test results, findings and remediations on a pre-determined schedule.
Incident response management – Create and manage a defined workflow within the organization to ensure a coordinated response from various departments such as IT, Legal, Finance, etc. and respond appropriately to any cloud security events.
Data portability testing – Perform a yearly or quarterly audit and document the process and audit findings to ensure that the data is portable across data centers.
Disaster recovery & business continuity – Ensure that proper disaster recovery and business continuity measures are in place along with regular tests and documentation.
Onsite & offsite backup audits – Audit backups to check for their ability to restore data.

Advanced Components

Once the must-haves have been checked off, here is a list of “nice to haves”:

Data encryption audits – Audit and document the storage control and key management procedures for encrypted data. This is typically applicable for sensitive data only.
Forensics log management and reporting – Analyze meta-data continuously generated by system and security logs, and identify any adverse patterns.
Elasticity & load tolerance testing – Ensure that resources can be augmented in the peak performance periods by performing regular load tolerance and elastic demand management testing.
Advanced cyber-attack prevention measures – Monitor and implement cyber attack prevention measures pro-actively by integrating with new threat and vulnerability solutions.
Advanced cloud security analytics – Establish an advanced cloud security analytics information center as part of the GRC dashboard and centralize its monitoring and management.

Apart from the components listed above, as the cloud computing world evolves, there is an increasing number of regulations and checklists coming up to ensure its adherence to established standards, including SSAE16 SOC 2 controls, FedRAMP certification, HIPAA regulation and Cloud Security Alliance (CSA). Your organization’s GRC framework for cloud should be able to streamline the audit and checklist-based assessments around these and ensure proper adherence to world-class standards for cloud adoption and security.

Conclusion

An integrated GRC approach to cloud acceptance, adoption and scale includes the risk perspective from the beginning. Harnessing the power of cloud security with a GRC framework can promote and improve information security practices and drive better business performance.

By Vibhav Agarwal

Vibhav Agarwal

Vibhav Agarwal is the Director, Product Marketing at MetricStream.

Vibhav has 11+ years of progressive experience in Enterprise product marketing, sales management, ERP & CRM program planning and delivery, software vendor selection and implementation across Hi-Tech, Trading & Capital Markets and Internet domains. Worked extensively in various roles dealing with multinational conglomerates as well as mid-sized companies like Info Edge India, in deals ranging between 0.5-30 million USD. Exposure to all stages of product and IT applications, sales & marketing, product management, and enterprise implementations.
