Vibhav Agarwal

Cloud And Cybersecurity: 5 Things CISOs Need To Consider

The Cloud and Cybersecurity

Tomorrow’s digital enterprise is at war today. War not only with external cybersecurity hackers and viruses, but also within the organization itself – a conclusion based on my discussions with information security managers and cloud architects around the world. While most executives understand the importance of a business driven, risk management-focused cybersecurity model, they do not address cybersecurity as an organizational issue, but more as a compliance or IT checklist issue.

As business models transform, becoming the leading and modern digital enterprises of the future, we see a shift in other areas as well. This is the age of the customer, and in a digital world, customer service or dis-service can be decided by one successful phishing attempt on an organization’s website. As recent events have proven, a successful cyber-attack has the ability to not only bring the organization down to its knees in minutes, but makes getting up quickly nearly impossible.

risk-manegement

(Image Source: Shutterstock)

Furthermore, as business leaders lean more and more on the Cloud as a default choice for newer, faster systems of engagement with customers, new complexities come into the picture. Fast speed and customer centric front-end application characteristics like zero downtime, instant cross channel functionality deployment, and real time performance management make the cloud an ideal environment. But cloud and cybersecurity – how do we take care of that?

There are five key things that every IT Manager and Architect should think about as they aspire to be the CISO of tomorrow’s leading digital enterprise:

1. It’s a Business Problem:

As custodians of sensitive customer information and business value delivery, the CISOs of tomorrow should understand the importance of keeping data safe and secure. CISOs should ensure that they are part of a core team looking at the organizational risk appetite, which includes aspects like loss of IP, customer information loss, business operation disruption, and more. The CISO should present the organizational cybersecurity risk in the context of business by correlating IT assets and their residual scores with their business importance. The trade-offs of newer cybersecurity investments versus the status quo need to be examined from a more strategic and organizational perspective, rather than mere annual investment or upgrade perspective.

2. The First C of an Effective Cloud Strategy is Controls:

The focus needs to be on controls, not on cost. If the CISO of tomorrow is not able to effectively implement controls with regards to data segregation, data security and infrastructure security, then the cost of keeping the data in the cloud can be prohibitive. Incorporating the right set of controls into your organization’s cloud deployments from the start and establishing a sustainable monitoring mechanism is key to ensuring that cloud investments have a positive trade-off from a total cost of ownership perspective.

3. Effective Governance and Reporting is Not an Afterthought:

Keeping business stakeholders informed on IT policies and controls from the start, especially those critical to business operations and cybersecurity, is important. The CISO of tomorrow should put in place a granular governance and reporting mechanism to encapsulate not only the organizational IT assets and ecosystem, but also cloud deployments. This system should handle all risk and compliance reporting related-requirements and their correlation with the business operations in order to make sense to business heads.

4. Is the Business Continuity Plan in Place:

Cyber attack planning and response is one of the biggest challenges for the CISO of tomorrow. With cloud-based infrastructure, the problem gets even more complicated. Having a clear incident response strategy and manual, a well-defined business impact analysis, and a mass notification and tracking mechanism are just some of the aspects that will be highly critical for ensuring that business disruptions are handled in a tightly coordinated manner. Again, having business context is important to achieve this.

5. Should we Consider Cyber-Insurance:

Indemnification against cyber attacks and the resulting loss of reputation, data and revenue is going to become a trend fairly soon. The CISOs of tomorrow should monitor the need and requirements of getting cyber insurance proactively, and counsel business stakeholders appropriately. This will be an important hedging strategy to minimize possible financial losses from lawsuits, business disruptions and data losses.

Today, with ubiquitous Internet connectivity, cloud-based IT ecosystems and an ever-evolving cyber-engagement business model, cybersecurity is a growing social and business issue. The CISO and CIOs of tomorrow need to ensure sustained support and focus from top management if they want to succeed in their cyber-fortification efforts. They also need to enhance their horizons across the business context, financial aspects and wider strategic objectives to guarantee that the organization’s data security is evolving in line. If the digital enterprise of tomorrow wants to grow and innovate, the question is not “are we doing enough today”, but rather, “are we thinking enough about tomorrow?

By Vibhav Agarwal

Vibhav Agarwal

Vibhav Agarwal is the Director, Product Marketing at MetricStream.

Vibhav has 11+ years of progressive experience in Enterprise product marketing, sales management, ERP & CRM program planning and delivery, software vendor selection and implementation across Hi-Tech, Trading & Capital Markets and Internet domains. Worked extensively in various roles dealing with multinational conglomerates as well as mid-sized companies like Info Edge India, in deals ranging between 0.5-30 million USD. Exposure to all stages of product and IT applications, sales & marketing, product management, and enterprise implementations.

View Website
Google hit with record $5 billion EU antitrust fine

Google hit with record $5 billion EU antitrust fine

EU regulators hit Google with a record 4.34 billion euros ($5 billion) antitrust fine on Wednesday for using its Android mobile operating system to squeeze out rivals. The penalty is nearly double the previous record ...
The Virtue of Intelligence in the Cloud

The Virtue of Intelligence in the Cloud

According to a recent IDG survey, about 70% of companies have at least one application in the cloud. An additional 43% want to migrate most, or all, of their data workloads and analytics capabilities to the ...
The Fraud Management Solutions Market Will Exceed $10 Billion By 2023

The Fraud Management Solutions Market Will Exceed $10 Billion By 2023

Estimates of the cost of fraud vary widely, but almost everyone agrees that the cost is huge and appears to be increasing. Looking just at eCommerce, Forrester predicts that US and Western European eCommerce fraud ...
Adopting An Industry-Wide Red Line Movement

Adopting An Industry-Wide Red Line Movement

Red Line Movement Recently, I’ve been calling for an industry-wide adoption of the red line philosophy to help with the ...
Open APIs Alone Won’t Change Banking

Open APIs Alone Won’t Change Banking

Open Banking API's Most people think of banks as one monolithic entity, but they are actually made up of hundreds ...
Chris

How to Avoid Becoming Another Cloud Security Statistic

Cloud Security Statistic Last year, Gartner predicted that, by 2020, 95 percent of all cloud security failures will be caused ...
How Leading Organizations are Leveraging Big Data

How Leading Organizations are Leveraging Big Data

Seeing The Big Data Picture “Data will talk to you if you’re willing to listen”— Jim Bergeson. Few can dispute ...
GDPR Compliance: A Network Perspective

GDPR Compliance: A Network Perspective

GDPR Compliance Regulations can be a tricky thing. For the most part, they’re well thought out in terms of mandating ...
What Is Net Neutrality And Why Is It So Important?

What Is Net Neutrality And Why Is It So Important?

What Is Net Neutrality? Net neutrality is a concept that has been the centre of a lot of debates recently, ...