Evelyn de Souza

The Meaning Of Secure Business Agility In The Cloud

Secure Business Agility In The Cloud

As cloud continues to accelerate business delivery and shift away the balance of power from IT and InfoSec to business users, organizations need to find ways to ensure that security is part of a business process rather than an afterthought. Today’s organizations are transacting some of their most valuable data and services in the cloud. While the promise of instant availability, convenience and cost are very attractive the damage to brand, reputation and trust could be irrevocable to businesses if security is not built in.

Many CISOs and InfoSec teams continue to struggle with the new order in which business users have unprecedented freedom over how they work, what devices and applications they use to accomplish their work and from where they work. Most want to partner with their business users to figure out optimal ways to engage in cloud services securely but most don’t think of how IT security integrates into business processes. The result is that we often see burdensome processes within organizations where business users have to take extra steps to categorize data or to register new cloud security services. And, in doing so InfoSec and IT might be creating a bigger risk where business users will further make a run around InfoSec and IT. When business users are pressed for time extra processes become doubly burdensome.

Insider Threat Vectors

Reputation and trust could be irrevocable to businesses if security is not built in... Click to Tweet

Over the last year there has been a rise in both accidental and mis-intentioned insider threat vectors. With personal and business lines of work so blurred it’s easy for business users to accidentally drag and drop the wrong attachment into an email, or in the spur of a moment accidentally post a message that alludes or pertains to confidential company information, or post a regulatory-related file on an unsecured file share site in order to make it easier to work on.

The key to secure business agility in the cloud is through ongoing dialog and automation.

evolution-tech

Ongoing dialog:

  • Given the fast changing pace of today’s business environments IT and InfoSec and business users need to have constant check-ins to ensure a fruitful relationship. Needs are going to change rapidly as increasingly more services are migrated to the cloud.
  • Security processes need to be designed to be business intuitive. If business users are going to required to own the data classification process, categories should be few and very intuitive. And, so, too the process for the onboarding of new cloud services.

Automation:

There are now a slew of cloud security services that enable business users to remain agile while preserving security in a less intrusive way.

  • Emerging data security toolsets leverage big data analytics and machine learning to automate the data classification process. Such toolsets should be explored within the business culture, geographies and trialed before going broadscale.
  • Self service portals can be designed with a standard set of security profiles built in. This helps not only automate the cloud security provisioning process but also allows for consistent implementation company-wide and across the many different types of cloud services a company many engage.

As we enter into 2016, I encourage IT and business users to find more meaningful ways to ensure securely accelerate cloud services.

By Evelyn de Souza

Evelyn de Souza

Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW’s Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry’s first blueprint for making data protection “business-consumable” and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.

CONTRIBUTORS

Principles of an Effective Cybersecurity Strategy

Principles of an Effective Cybersecurity Strategy

Effective Cybersecurity Strategy A number of trends contribute to today’s reality in which businesses can no longer treat cybersecurity as ...
The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

WikiLeaks’ Vault 7 If you haven’t heard of the Vault 7 WikiLeaks data dump, you’ve probably been living under a ...
What Futuristic Transportation Will Look Like In Your Lifetime

What Futuristic Transportation Will Look Like In Your Lifetime

Futuristic Transportation Being stuck in traffic or late for work because of a hold up on the dreaded commute could ...
What You Need To Know About Choosing A Cloud Service Provider

What You Need To Know About Choosing A Cloud Service Provider

Selecting The Right Cloud Services Provider How to find the right partner for cloud adoption on an enterprise scale The ...
Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and ...
What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) ...
Cyber Security Tips For Digital Collaboration

Cyber Security Tips For Digital Collaboration

Cyber Security Tips October is National Cyber Security Awareness Month – a joint effort by the Department of Homeland Security ...
Scale Matters in the Enterprise Cloud

Scale Matters in the Enterprise Cloud

The Enterprise Cloud What used to be an unknown and mysterious term, “the cloud” is now a common and mostly ...
Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems ...
Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and ...

NEWS

email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...
U.S. IT Sector Employment Expands by 8,100 Jobs in November, CompTIA Analysis Reveals

U.S. IT Sector Employment Expands by 8,100 Jobs in November, CompTIA Analysis Reveals

DOWNERS GROVE, Ill., Dec. 8, 2017 /PRNewswire-USNewswire/ -- New hiring in computer and electronics manufacturing and technology services and custom ...
Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

NEW YORK, Dec. 12, 2017 /PRNewswire/ -- Deloitte forecasts double digital growth in machine learning deployments for the enterprise, an increasing worldwide ...