vibhav

Layering Governance Over Cloud: Do Not Re-Build Perpetually!

Layering Governance Over Cloud 

As the latest Amazon earnings announcement for AWS suggests, enterprises have adopted cloud at a rapid pace over the last few years as a part of the emerging Bimodal IT paradigm. However, given the focus on cost and agile development, the sourcing of cloud vendors has typically been cost-based, and the governance framework adopted across empirical. The recent Sony cyberattacks have proved beyond doubt, that enterprise data is the biggest source of competitive advantage in today’s digital era and needs to be preserved and protected at all costs. Today, as critical business processes and data have started moving to the cloud, there is an increasing clamour for newer and more specific risk and control measures to ensure information security. At the same time, the threat landscape and information security requirements changes with each vendor, location, service, business priority and more. But, this does not and should not mean that organizations need re-invent their cloud management systems and governance processes again every time the threat landscape evolves.

cloud landscape

As the phenomena of cloud-based software deployments become the new normal, enterprises need to take a deeper and renewed look into Information Security and Risk Management instead of perpetually trying to re-build their Governance, Risk and Compliance (GRC) programs to keep pace with regulations and emerging cloud service models and technologies. The modern and leading organizations of tomorrow need to adopt a layering approach. Organizations need to create a single GRC layer over their cloud ecosystem, which can expand across multiple cloud vendors and models. The layering approach is imperative to ensure the cloud ecosystem can scale securely across the following attributes:

  • Heterogeneity: The ecosystem can support heterogeneous platforms in terms of their operating systems, technology ecosystems, devices and user base to ensure economies of scale and lower total cost of ownership.
  • Virtualization: The ecosystem will adopt cloud-based virtualized environments.
  • Big Data: The ecosystem can manage the complexity, volume and variety of data being created as the phenomena of social collaboration and mobility takes centerstage in enterprises.

shutterstock_214315015

The GRC layer should have capabilities to consolidate information from various end-point data sources within the cloud ecosystem and aggregate them into a single container. The layer should be able to provide a common taxonomy and orchestration for system level controls, risk assessments, access control audits and compliance checks across the cloud ecosystem. It needs to have aggregation dashboards and reporting mechanisms to consolidate the data, and provide a single source of truth to IT and business leaders. As business resilience becomes paramount in modern digital enterprises, the governance layer will also need to include the business continuity and disaster recovery related audits, plans and ownership. The layer can be used to define, create and enforce a common set of policies across all cloud vendors. It can act as the repository for all historical information in terms of compliance and control measures. The GRC layer will also provide a common framework for the risk and compliance evaluation of future cloud service providers that an organization may be considering. Having a common risk and control framework will allow the organization to set the right benchmarks and service-level agreements for the providers and aid in assimilating them with the ecosystem in a timely manner.

Cloud Ecosystem Downtime

While the naysayers will debate the cost and complexity of the tasks at hand, the cost of not having the GRC layer within the cloud ecosystem is enormous. Analysts estimated a $5 million USD loss from one single hour of outage of AWS for Amazon itself. Today most businesses are not even able to assess the true cost of cloud ecosystem downtime. The ability to handle these outages, compliance costs and threats leveraging a comprehensive GRC layer can save trillion of dollars in business operations losses, regulatory fines and service restoration costs. A fragmented or silo-based approach not only exposes the organization to the risk of operational loss or data theft, but also increases the cost of replicating the layer separately across each silo.

In conclusion, adopting a GRC layering approach allows organizations to create a single source of truth in terms of cloud governance, as well as superimpose a business context onto cloud-based assets. It is a priority that organizations recognize cloud factors such as the total cost of ownership model, the cost of disruption and the lack of organizational governance, control and provisions. The one stop assurance framework provided by a GRC layer can allow organizations to choose across the variety of emerging service and delivery models allowing them to optimize their total cost of ownership while ensuring governance across cloud ecosystem.

(Image Source: Shutterstock)

By Vibhav Agarwal

Vibhav Agarwal

Vibhav Agarwal is the Director, Product Marketing at MetricStream.

Vibhav has 11+ years of progressive experience in Enterprise product marketing, sales management, ERP & CRM program planning and delivery, software vendor selection and implementation across Hi-Tech, Trading & Capital Markets and Internet domains. Worked extensively in various roles dealing with multinational conglomerates as well as mid-sized companies like Info Edge India, in deals ranging between 0.5-30 million USD. Exposure to all stages of product and IT applications, sales & marketing, product management, and enterprise implementations.

View Website
Are You Doing Enough To Protect Your Business From Ransomware? Probably Not

Are You Doing Enough To Protect Your Business From Ransomware? Probably Not

Protect Your Business From Ransomware Ransomware is more advanced than ever. If you aren’t updating your security with that in ...
Learning to Code is as Useful as Learning Ancient Greek

Learning to Code is as Useful as Learning Ancient Greek

Your children will be left behind if they don’t learn to code. Really? What if coding as we know it ...
Bill Schmarzo’s Top 2017 Big Data, Data Science and IOT Blogs

Bill Schmarzo’s Top 2017 Big Data, Data Science and IOT Blogs

Big Data, Data Science and IOT Blogs To put us on the path for a successful and engaging 2018, here ...
Data Breaches: Incident Response Planning - Part 1

Data Breaches: Incident Response Planning – Part 1

Incident Response Planning - Part 1 The topic of cybersecurity has become part of the boardroom agendas in the last ...
Mark Carrizosa

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Record Breaches Research has revealed that third parties cause 63 percent of all data breaches. From HVAC contractors, to IT ...
Scale Matters in the Enterprise Cloud

Scale Matters in the Enterprise Cloud

The Enterprise Cloud What used to be an unknown and mysterious term, “the cloud” is now a common and mostly ...
Turn to the Cloud as Part of Your Data Breach Strategy

Turn to the Cloud as Part of Your Data Breach Strategy

Data Breach Strategy The latest Verizon Data Breach Investigations Report is out, and the verdict is in: data breaches are ...
Technology And Trends That Will Help Shape The Enterprise IT In 2018

Technology And Trends That Will Help Shape The Enterprise IT In 2018

Enterprise Trends In 2018 Enterprise Trends In 2018... The year 2017 was a landmark year for the Enterprise IT. On ...
Will Chatbots Finally Make Mobile Payments Popular?

Will Chatbots Finally Make Mobile Payments Popular?

The Future of Chatbots We’ve profiled several digital wallet platforms that aim to change how we make payments. Apple, Samsung, ...
Update: Timeline of the Massive DDoS DYN Attacks

Update: Timeline of the Massive DDoS DYN Attacks

DYN DDOS Timeline This morning at 7am ET a DDoS attack was launched at Dyn (the site is still down ...