Layering Governance Over Cloud: Do Not Re-Build Perpetually!

Layering Governance Over Cloud 

As the latest Amazon earnings announcement for AWS suggests, enterprises have adopted cloud at a rapid pace over the last few years as a part of the emerging Bimodal IT paradigm. However, given the focus on cost and agile development, the sourcing of cloud vendors has typically been cost-based, and the governance framework adopted across empirical. The recent Sony cyberattacks have proved beyond doubt, that enterprise data is the biggest source of competitive advantage in today’s digital era and needs to be preserved and protected at all costs. Today, as critical business processes and data have started moving to the cloud, there is an increasing clamour for newer and more specific risk and control measures to ensure information security. At the same time, the threat landscape and information security requirements changes with each vendor, location, service, business priority and more. But, this does not and should not mean that organizations need re-invent their cloud management systems and governance processes again every time the threat landscape evolves.

As the phenomena of cloud-based software deployments become the new normal, enterprises need to take a deeper and renewed look into Information Security and Risk Management instead of perpetually trying to re-build their Governance, Risk and Compliance (GRC) programs to keep pace with regulations and emerging cloud service models and technologies. The modern and leading organizations of tomorrow need to adopt a layering approach. Organizations need to create a single GRC layer over their cloud ecosystem, which can expand across multiple cloud vendors and models. The layering approach is imperative to ensure the cloud ecosystem can scale securely across the following attributes:

  • Heterogeneity: The ecosystem can support heterogeneous platforms in terms of their operating systems, technology ecosystems, devices and user base to ensure economies of scale and lower total cost of ownership.
  • Virtualization: The ecosystem will adopt cloud-based virtualized environments.
  • Big Data: The ecosystem can manage the complexity, volume and variety of data being created as the phenomena of social collaboration and mobility takes centerstage in enterprises.

The GRC layer should have capabilities to consolidate information from various end-point data sources within the cloud ecosystem and aggregate them into a single container. The layer should be able to provide a common taxonomy and orchestration for system level controls, risk assessments, access control audits and compliance checks across the cloud ecosystem. It needs to have aggregation dashboards and reporting mechanisms to consolidate the data, and provide a single source of truth to IT and business leaders. As business resilience becomes paramount in modern digital enterprises, the governance layer will also need to include the business continuity and disaster recovery related audits, plans and ownership. The layer can be used to define, create and enforce a common set of policies across all cloud vendors. It can act as the repository for all historical information in terms of compliance and control measures. The GRC layer will also provide a common framework for the risk and compliance evaluation of future cloud Service Providers that an organization may be considering. Having a common risk and control framework will allow the organization to set the right benchmarks and service-level agreements for the providers and aid in assimilating them with the ecosystem in a timely manner.

Cloud Ecosystem Downtime

While the naysayers will debate the cost and complexity of the tasks at hand, the cost of not having the GRC layer within the cloud ecosystem is enormous. Analysts estimated a $5 million USD loss from one single hour of outage of AWS for Amazon itself. Today most businesses are not even able to assess the true cost of cloud ecosystem downtime. The ability to handle these outages, compliance costs and threats leveraging a comprehensive GRC layer can save trillion of dollars in business operations losses, regulatory fines and service restoration costs. A fragmented or silo-based approach not only exposes the organization to the risk of operational loss or data theft, but also increases the cost of replicating the layer separately across each silo.

In conclusion, adopting a GRC layering approach allows organizations to create a single source of truth in terms of cloud governance, as well as superimpose a business context onto cloud-based assets. It is a priority that organizations recognize cloud factors such as the total cost of ownership model, the cost of disruption and the lack of organizational governance, control and provisions. The one stop assurance framework provided by a GRC layer can allow organizations to choose across the variety of emerging service and delivery models allowing them to optimize their total cost of ownership while ensuring governance across cloud ecosystem.

By Vibhav Agarwal

Paperspace

10 Influential Cloud Gaming Platforms of 2021

Cloud Gaming Platforms The cloud gaming niche is becoming popular for the same reasons services like Netlflix, Hulu and YouTube also are: the user only requires access to the internet to enjoy gaming technology and ...
Digital Theft

Cross-Site Scripting – Why Is It A Serious Security Threat For Big Data Applications?

Security Threat And Big Data Applications (Updated August 11th, 2020) IBM, Amazon, Google, Yahoo, Microsoft - and the list goes on. All these leading IT enterprises have been affected by Cross-Site Scripting (XSS) attacks in ...
Gary Bernstein

5 Popular Telemedicine Software Services

Telemedicine Software Since the beginning of the Covid-19 pandemic, telemedicine software services have become extremely popular, and every day more people are using this service instead of going to hospitals and emergency departments as they ...
Anita Raj

A Winning Data Strategy Series Part 3: From Data-driven To An Insight-driven Organization

Insight-driven Organization This is the third piece of a 5-part series on plugging the obvious but overlooked gaps in achieving digital success through a refined data strategy. Data is essential, yes. But the whole idea ...
Kayla Matthews

7 Technology Trends to Look for in 2020

Leading Tech Trends 2020 Cloud computing has become the norm. As of 2019, 94% of IT professionals were using the cloud in some form or another. This widespread adoption means that although it was once a ...
Mark Banfield

A Seamless Customer Experience Is Essential to Success in Today’s Digital Economy

Implement A Seamless Customer Experience The need for digital interaction has never seemed more critical than it does today. As the coronavirus continues to spread, citizens around the world are being asked to hunker down ...