Vibhav Agarwal

Cloud And Cybersecurity: 5 Things CISOs Need To Consider

The Cloud and Cybersecurity

Tomorrow’s digital enterprise is at war today. War not only with external cybersecurity hackers and viruses, but also within the organization itself – a conclusion based on my discussions with information security managers and cloud architects around the world. While most executives understand the importance of a business driven, risk management-focused cybersecurity model, they do not address cybersecurity as an organizational issue, but more as a compliance or IT checklist issue.

As business models transform, becoming the leading and modern digital enterprises of the future, we see a shift in other areas as well. This is the age of the customer, and in a digital world, customer service or dis-service can be decided by one successful phishing attempt on an organization’s website. As recent events have proven, a successful cyber-attack has the ability to not only bring the organization down to its knees in minutes, but makes getting up quickly nearly impossible.

risk-manegement

(Image Source: Shutterstock)

Furthermore, as business leaders lean more and more on the Cloud as a default choice for newer, faster systems of engagement with customers, new complexities come into the picture. Fast speed and customer centric front-end application characteristics like zero downtime, instant cross channel functionality deployment, and real time performance management make the cloud an ideal environment. But cloud and cybersecurity – how do we take care of that?

There are five key things that every IT Manager and Architect should think about as they aspire to be the CISO of tomorrow’s leading digital enterprise:

1. It’s a Business Problem:

As custodians of sensitive customer information and business value delivery, the CISOs of tomorrow should understand the importance of keeping data safe and secure. CISOs should ensure that they are part of a core team looking at the organizational risk appetite, which includes aspects like loss of IP, customer information loss, business operation disruption, and more. The CISO should present the organizational cybersecurity risk in the context of business by correlating IT assets and their residual scores with their business importance. The trade-offs of newer cybersecurity investments versus the status quo need to be examined from a more strategic and organizational perspective, rather than mere annual investment or upgrade perspective.

2. The First C of an Effective Cloud Strategy is Controls:

The focus needs to be on controls, not on cost. If the CISO of tomorrow is not able to effectively implement controls with regards to data segregation, data security and infrastructure security, then the cost of keeping the data in the cloud can be prohibitive. Incorporating the right set of controls into your organization’s cloud deployments from the start and establishing a sustainable monitoring mechanism is key to ensuring that cloud investments have a positive trade-off from a total cost of ownership perspective.

3. Effective Governance and Reporting is Not an Afterthought:

Keeping business stakeholders informed on IT policies and controls from the start, especially those critical to business operations and cybersecurity, is important. The CISO of tomorrow should put in place a granular governance and reporting mechanism to encapsulate not only the organizational IT assets and ecosystem, but also cloud deployments. This system should handle all risk and compliance reporting related-requirements and their correlation with the business operations in order to make sense to business heads.

4. Is the Business Continuity Plan in Place:

Cyber attack planning and response is one of the biggest challenges for the CISO of tomorrow. With cloud-based infrastructure, the problem gets even more complicated. Having a clear incident response strategy and manual, a well-defined business impact analysis, and a mass notification and tracking mechanism are just some of the aspects that will be highly critical for ensuring that business disruptions are handled in a tightly coordinated manner. Again, having business context is important to achieve this.

5. Should we Consider Cyber-Insurance:

Indemnification against cyber attacks and the resulting loss of reputation, data and revenue is going to become a trend fairly soon. The CISOs of tomorrow should monitor the need and requirements of getting cyber insurance proactively, and counsel business stakeholders appropriately. This will be an important hedging strategy to minimize possible financial losses from lawsuits, business disruptions and data losses.

Today, with ubiquitous Internet connectivity, cloud-based IT ecosystems and an ever-evolving cyber-engagement business model, cybersecurity is a growing social and business issue. The CISO and CIOs of tomorrow need to ensure sustained support and focus from top management if they want to succeed in their cyber-fortification efforts. They also need to enhance their horizons across the business context, financial aspects and wider strategic objectives to guarantee that the organization’s data security is evolving in line. If the digital enterprise of tomorrow wants to grow and innovate, the question is not “are we doing enough today”, but rather, “are we thinking enough about tomorrow?

By Vibhav Agarwal

Vibhav Agarwal

Vibhav Agarwal is the Director, Product Marketing at MetricStream.

Vibhav has 11+ years of progressive experience in Enterprise product marketing, sales management, ERP & CRM program planning and delivery, software vendor selection and implementation across Hi-Tech, Trading & Capital Markets and Internet domains. Worked extensively in various roles dealing with multinational conglomerates as well as mid-sized companies like Info Edge India, in deals ranging between 0.5-30 million USD. Exposure to all stages of product and IT applications, sales & marketing, product management, and enterprise implementations.

View Website
Follow the Lead: 5 Data Security Tips Small Businesses Should Mimic From Larger Enterprises

Follow the Lead: 5 Data Security Tips Small Businesses Should Mimic From Larger Enterprises

Data Security Tips Small Businesses Should Mimic As more and more companies begin to switch to the cloud, cyber attacks ...
5 Recommendations for Effective Governance, Risk and Compliance Management

5 Recommendations for Effective Governance, Risk and Compliance Management

Effective Governance, Risk and Compliance Cloud adoption continues to grow, which is evident from the fact that annual 2016 revenues ...
5 Tips For Improving Enterprise Cloud Success In 2017

5 Tips For Improving Enterprise Cloud Success In 2017

Improving Enterprise Cloud There has been an increase in the adoption rate of cloud technology to help businesses keep capital ...
5 Simple Tips to Make Strong and Robust Business Continuity Plans

5 Simple Tips to Make Strong and Robust Business Continuity Plans

Business Continuity Plans Today’s organizations need comprehensive and robust business continuity planning for swift and effective action in case of ...
5 Ways Cloud-based Tools Can Help Accountants Escape The IT Treadmill

5 Ways Cloud-based Tools Can Help Accountants Escape The IT Treadmill

Accountant Cloud Tools Digital tools and software have become an inseparable part of any accountant's profession. There are software for ...
5 Ways Cloud Computing Is Having an Impact on The Energy Sector

5 Ways Cloud Computing Is Having an Impact on The Energy Sector

Computing Energy Sector We’ve discussed here in the past how cleantech (a blanket term that includes technologies that affect recycling, ...
5 Ways The Latest Cloud Tools Can Help Increase Sales

5 Ways The Latest Cloud Tools Can Help Increase Sales

Cloud Tools Can Help Increase Sales How new cloud technology can help you source, manage and close more leads. We take ...
5 Cloud Questions Every CIO Needs To Know How To Answer

5 Cloud Questions Every CIO Needs To Know How To Answer

The Hot Seat Five cloud questions every CIO needs to know how to answer The cloud is a powerful thing, ...
The Top 5 Challenges You Cannot Avoid When Adopting a Cloud ERP

The Top 5 Challenges You Cannot Avoid When Adopting a Cloud ERP

Adopting a Cloud ERP The main challenges to implementing a Cloud ERP solution differ depending on whether the implementation is ...