David Friend

Data Centers Need to Wake Up and Compete with the Hyperscalers

By David Friend | October 17, 2019

Data Centers Need to Wake Up and Compete with the Hyperscalers Win Customer Hearts & Minds and Become a Trusted

Wired Logo

For Tech Jobs, the Rich Cities Are Getting Richer 3m

By Wired | December 9, 2019

Earlier this fall, during a town hall meeting at Facebook headquarters in Menlo Park, Mark Zuckerberg addressed his flock with

Visual Security Data

The Soft-Edged Cloud: A Security Challenge

The Cloud Security Challenge

The use of the term “cloud” to describe global, offsite, computing and storage technology is apt for a number of reasons; not all of them good. The metaphor succeeds largely when people visualize their data hovering over their heads, no longer tied to a single location, and consequently easy to access from anywhere. But there are other parallels with actual meteorological clouds, specifically their soft, amorphous shape. This causes problems in perception and definition, which naturally lead to potential difficulties with security.

ISC 2 - CCSPDavid Shearer, CEO of cyber, information, software and infrastructure security certification and education body (ISC)2, points out that the enthusiasm or pressure that companies feel to build their businesses quickly into the cloud can potentially lead to a fundamental weakness. “The easier it becomes to purchase cloud solutions,” he says, “the easier it is for organizations to get ahead of themselves. Business lines within a company can easily acquire cloud-based services, and the fast time to acquire and provision cloud services is extremely attractive. Any organization would be crazy not to take advantage of that.” Shearer points out, however, that when a company elects to leverage cloud solutions and services, management needs to be smart about it; and part of that includes proper and continuous security measures:

As recently as a few years ago, security was looked at as a hindrance; something that got in the way. In these situations, sometimes bad things needed to happen for people to pay attention. In the C-suite, if nothing else, CEOs and CxOs are losing their jobs for a perceived lack of due diligence and lack of strategy to protect a corporation’s intellectual property or personally identifiable information – and that gets people’s attention. Increasingly, what is needed is better communication between those actually responsible for making security work, and the C-suite.

In addition to the lack of clear comprehension of cloud in the executive office, there is also a similar disconnect throughout other levels of business.

Defining The Cloud

Adam Gordon is an author, subject matter expert and instructor at (ISC)2. He illustrates a significant challenge to cloud security being the definition of cloud itself. There’s a great interest in anything and everything cloud,” he says, “but the problem is, as individuals and as businesses, we don’t always understand what cloud means. As a result, there tends to be a gap, where consumption is a lead indicator and security is an afterthought.” It is ill-defined in many people’s minds, Gordon adds. “Many people look at it as a marketing slogan or a marketing solution, but they don’t really get it. As a result, I think one of the biggest issues that we face, as security professionals in the cloud, is the idea of how to create a common ground in terms of what it is we are talking about and how we will frame conversation around risk, liability, security, and things that go with that.”

Yet a third challenge to effective understanding of the cloud is the change of mindset needed, especially among managers and decision makers who spent their early years in the company of mainframes, dumb terminals and internal networks. For many, there is a pervasive, almost instinctive sense that data and computing systems are physically safer when they exist inside the actual walls of a company where they can be seen and touched. The notion of storing data on someone else’s computer somewhere in the world just does not feel right. The truth is that data is generally safer when transferred to the vaults of a cloud organization whose sole mandate is secure storage, but adherence to ideas from an earlier age is a very human attribute; one that never fully disappears.

Mobile Employees

Finally, there is the relatively new phenomenon of mobile employees who see their smart devices as their office, and who expect to use them at home, at work, and in public spaces like coffee shops and transit terminals, accessing Wi-Fi connections with little thought as to security. This soft, boundary-less setting has a direct parallel to actual clouds. Where, after all, does work-related security begin and end, when the device being used shares storage space and connectivity with personal files and pursuits? Adam Gordon worries that enabling individuals to work productively in these non-traditional environments with equally non-traditional capabilities and platforms opens up a collection of unknowns in terms of security and the individualized approach to data.

The softness of the cloud reinforces the need for a new type of security specialist; someone with the experience and wisdom to stay on top of a fast changing environment, and with the skills to communicate the necessary directives to the executive as well as to the rest of the IT team. This is the reason behind the development of the CCSP designation. The cloud will only continue to grow in size and versatility. Successful usage must involve a sound and ongoing security strategy across all levels of operation.

For more on the CCSP certification from (ISC)2 please visit their website. Sponsored by (ISC)2.

By Steve Prentice

POPULAR ARCHIVES

Courtney

The Cloud Debate – Private, Public, Hybrid or Multi Clouds?

The Cloud Debate Now that we’ve gotten over the hump of whether we should adopt the cloud or not, “which

Karinratchinsky.level3.headshot Edited

3 Ways to Protect Users From Ransomware With the Cloud

Protect Users From Ransomware The threat of ransomware came into sharp focus over the course of 2016. Cybersecurity trackers have

Report Cloud Services

Report: Enterprises using the cloud for mission control projects

Enterprises using the cloud Enterprises using the cloud, even for mission-critical projects, is no longer new or unusual. It’s now

Daren

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and

Future

Birth of Modern Computing Then & Now

Modern Computing From as early as the onset of modern computing, the possibility of resource distribution has been explored. Today’s