kris lahiri

Re-Defining Security – It’s More Than Just Compliance

Re-Defining Security

Risk management is messy. The internet has known vulnerabilities, and regulatory issues seem to change faster than you can say “Privacy Shield.”

So why can’t security and compliance teams see eye to eye?

Sixty-four percent of IT executives feel confident that compliance will protect their company against breaches, according to Vormetric’s 2016 Data Threat Report. Couple this assumption with Trustwave’s finding that 77 percent of IT professionals are pressured to take IT projects public without “sufficient security protections,” and you see the beginnings of a broken system.

Security and compliance are permanently entangled. Teams that don’t collaborate effectively risk losing both. Learning how compliance and security operate now, and why teams disagree, is the first step towards bringing groups together.

Reducing Overlap and Uniting Teams

Until recently, security and compliance teams have remained siloed. Compliance is traditionally a function of paperwork: sign here, initial there, make sure critical information is laid out and legally bound. Professionals in this field succeed by understanding and adhering to extensive legal frameworks.

security-community

Contrast that with security, a highly technical function that operates deep in the bowels of IT. Security teams continuously evolve their understanding of online environments, tuning and innovating protections against an unceasing torrent of malware.

Now that forms are being validated online through software like DocuSign and ShareFile, and confidential data travels across innumerable consumerized cloud services, compliance and security overlap in many ways and the two will soon merge.

Key Tips to Ensure Security and Compliance in 2016

Online documents have brought compliance online and put paperwork into the realm of IT. To work with this new reality, teams must be clear on a few key things, otherwise the finger pointing will continue:

  1. Compliance is not security. This is an assumption that IT shops make when they’re still purely on-premise (those using XaaS have their own set of issues, which I’ll explain later). Consumers continue to demand new features and levels of service from every company in every sector, whether it sells apples or augmented reality apps. Stubborn companies will require customers to use dated—but compliant—tools like FTP, while competitor businesses will already have bounded into the mobile cloud. Becoming compliant in new ways will cost a company time, but not moving ahead will cost it the whole business.
  2. Complicated security systems are not secure.Business users are more freely finding new apps and services they want to use to improve workflows. At the same time, IT is challenged with managing oversight and outdated solutions like FTP to ensure compliance.

Business users would rather send an email with company intellectual property than try to remember yet another login and password. IT faces a different kind of feature sprawl: teams lose management and oversight – security intelligent monitoring, network breach detection, firewalls, event correlation and other security tools. When IT focuses on the handful of essentials that everyone will use—such as enterprise key management and end-to-end data encryption—and prioritizes apps that end users will actually engage with, the entire company is safer.

Becoming compliant in new ways will cost a company time, but resisting an evolution will have a negative impact on the business.

  1. The cloud is only as secure and compliant as you make it. Major cloud providers attract the best minds in security, and that’s how it should be. Every cloud service has its weaknesses. What they are depends on the product or services a company provides. Custom integrations, while convenient, open up new backdoors that wouldn’t otherwise be there. From a security standpoint, companies must ensure that their providers maintain a centralized API as the only way for one service to digitally communicate with another, and aren’t littered with custom integrations.

A New Framework to Align Security and Compliance

There will always be new malware, and new regulations show no signs of stopping their forward march either.

ID-Theft-Comic

Privacy is seen as a consumer rights issue in the US, but to Europeans, it is a fundamental right—and transnational agreements are getting ever more complicated because of it.

Last year, the European Court of Justice decided that Safe Harbor rules were not specific enough to protect citizen data from NSA mass surveillance and backdoors. Reborn as Privacy Shield, the new transatlantic agreement promises to add more stringent reviews and give US agencies like the FTC broader enforcement powers.

Does adding layers of legal directives and pulling in more agencies really guarantee data privacy across the pond? The verdict is out, but the unfolding drama of Privacy Shield should serve as a lesson to every organization wishing to keep its data both secure and compliant: align the security and compliance organizations and concentrate on forward innovation. 

While it may take time to establish, once alignment is achieved it will enable the teams to move forward with confidence and shift their focus back to the business. And that is a value proposition that everyone can appreciate.

kris lahiriBy Kris Lahiri

Kris is co-founder and Chief Strategy Officer at Egnyte, responsible for Egnyte’s security and compliance, as well as the core infrastructure, including storage and data center operations. Prior to Egnyte, Kris spent many years in the design and deployment of large-scale infrastructures for Fortune 100 customers of Valdero and KPMG Consulting. Kris has a B.Tech in Engineering from the Indian Institute of Technology, Banaras, and an MS from the University of Cincinnati.

 

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as technology related infographics and comics.

Contact us for more information on how to get involved in our content related services and placement programs.

CONTRIBUTORS

Want To Save The Planet And Be Green? Then Go Cloud!

Want To Save The Planet And Be Green? Then Go Cloud!

Going Green Data Centers (DC’s) – they are hungry beasts. Ten years ago the EPA estimated that DC’s consumed 61 ...
Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Staying on Top of Your Infrastructure-as-a-Service Security Responsibilities

Infrastructure-as-a-Service Security It’s no secret many organizations rely on popular cloud providers like Amazon and Microsoft for access to computing ...
Battle of the Clouds: Multi-Instance vs. Multi-Tenant Architecture

Battle of the Clouds: Multi-Instance vs. Multi-Tenant Architecture

Multi-Instance vs. Multi-Tenant Architecture  The cloud is part of everything we do. It’s always there backing up our data, pictures, ...
Cloud’s Challenge – Bigger than Twice the Stars in the Milky Way

Cloud’s Challenge – Bigger than Twice the Stars in the Milky Way

There are only 100 Billion stars in the Milky Way. Compare that to the over 200 Billion lines of COBOL ...
The Security of Cloud-Based Software and Client Communication

The Security of Cloud-Based Software and Client Communication

Cloud-Based Software Security The fear of not having a secure cloud-based software should far outweigh the fear of switching to a ...
Open APIs Alone Won’t Change Banking

Open APIs Alone Won’t Change Banking

Open Banking API's Most people think of banks as one monolithic entity, but they are actually made up of hundreds ...
The Cloudification of Healthcare: Benefits and Risks

The Cloudification of Healthcare: Benefits and Risks

Cloud Healthcare: Benefits and Risks Many organizations are moving most of their business-critical applications and workloads to the cloud. The ...
The Economy Just Limps Along. Guess Who’s to Blame?

The Economy Just Limps Along. Guess Who’s to Blame?

Productivity seems down the drain. Unemployment is at historic lows yet real wage growth is pathetic. Why? Hard to believe ...

NEWS

Cloud Security Alliance Issues New Code of Conduct for GDPR Compliance

Cloud Security Alliance Issues New Code of Conduct for GDPR Compliance

EDINBURGH, Scotland, Nov. 21, 2017 /PRNewswire-USNewswire/ -- The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices ...
HPE CEO Whitman's surprise exit stumps Wall Street

HPE CEO Whitman’s surprise exit stumps Wall Street

(Reuters) - Shares of Hewlett Packard Enterprise Co (HPE.N) fell 6 percent on Wednesday after Chief Executive Officer Meg Whitman’s ...
OVH Announces New Hosted Private Cloud Offerings for US Market

OVH Announces New Hosted Private Cloud Offerings for US Market

OVH delivers next-generation services for hosted private cloud, disaster recovery, and hybridity leveraging industry-leading solutions RESTON, VA--(Marketwired - Nov 20, ...

SPONSORS

Hybrid IT Matures Just In Time To Tackle Complex Challenges

Hybrid IT Matures Just In Time To Tackle Complex Challenges

Tackling Complex IT Challenges Today’s sophisticated business environment demands a dynamic and robust IT infrastructure which is a far cry ...
Internet Performance Management In Today’s Volatile Online Environment

Internet Performance Management In Today’s Volatile Online Environment

Internet Performance Management It’s no exaggeration to say that the Internet is now the heart of the global economy. Competition ...
Scale your Windows Azure application

Help Your Business Improve Security By Choosing The Right Cloud Provider

Choosing The Right Cloud Provider Security issues have always been a key aspect of business planning; failure to properly protect ...