CLOUDTWEAKS CONTRIBUTOR PROGRAM

Join the CloudTweaks thought leadership contributor program which includes a customized profile, branded identity page, newsletter marketing, social amplification and more...

The program is currently available to consultants, influencers or executive level contributors.

shutterstock_325028006

Resurrecting CHAOS (Controlling Havoc and Overhauling Security) for Today’s CIOs

Resurrecting CHAOS for Today’s CIOs and CISOs

While at CloudExpo, London last week I had the chance to chat to RedHat’s Richard Morell. He suggested that I resurrect CHAOS (Controlling Havoc and Overhauling Security) Theory from a couple of years ago as the message is still holds very true.

The term ‘chaos theory’ first came about in the 1980s as a way to ascribe order to a seemingly random set of events. And, in today’s landscape of stark contrasts between business opportunities and impending risk, CIOs and CISOs have to drive collaboration and controlled acceleration: That is where CHAOS Theory comes into play: enabling both a new order and the opportunity for CIOs and CISOs to be part of the strategic business agenda.

Most CISOs cannot state with confidence that their organization’s information assets are secure. The general processes and even toolsets in place today are not standing up to the way that we do business or the attacks we’ve seen in the last few years, so why do we assume they will be good enough for the future? Mobility and BYOD are just the beginning of the next wave of infrastructure security challenges. We need to be concerned beyond just users having left IT’s security control and focus on thee data in often unsanctioned apps. that follows these users into the public cloud. We most often think about insider threats as malicious, but these cases that most often make headlines are just the tip of the iceberg.

Well intentioned employees may be a bigger risk still as with the blurring of social and work it’s so easy to accidentally overshare sensitive enterprise data. And, if we thought it was bad enough when cyber thieves steal our data what havoc will they wreak in the Internet of Things era when they change it?

The goal with the CHAOS Theory is really to funnel user demand in a way that is far more ordered and less chaotic than today. There isn’t a single proposal or program that applies universally to all organizations but following is where you might start:

  • Rather than fight loss at the endpoint and an evaporated enterprise perimeter, instead focus on contextual identity-based controls such as location, time, what type of data, and/or threat vector to determine what resources users and devices can connect to.
  • Leverage cloud threat data feeds to make more accurate risk predictions based on an aggregate view of threats seen around the world.
  • Utilize big data-processing facilities such as HADOOP and OLAP (online analytical processing) to identify potential data breaches, data leakages and system compromise so that defensive controls can be adapted or updated in real time.

And, for CISOs looking to demonstrate the value of their teams and work to executive and strategic business holders, consider the following:

  • Implement a metrics analysis platform to enable the CIO and CISO to act as the central point of governance and thus better quantify and qualify
  • Establish an executive forum for reviewing compliance with key business stakeholders

By Evelyn de Souza

Evelyn de Souza

Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW's Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry's first blueprint for making data protection "business-consumable” and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.

The Lighter Side Of The Cloud - Storage Overload
The Lighter Side Of The Cloud - Easter Egg Hunt
The Lighter Side Of The Cloud – Google vs Microsoft
The New Kids On The Block: Data Protection Officers

The New Kids On The Block: Data Protection Officers

Data Protection Officers The General Data Protection Regulation (GDPR) is officially here. Yet, organizations are still unaware, are ignoring, or ...
Cloud’s Mighty Role - Why Custom Development is the Next Big Thing (Again)

Cloud’s Mighty Role – Why Custom Development is the Next Big Thing (Again)

Custom Development is the Next Big Thing Today, software is playing a very important role in performing basic business processes ...
Marty Puranik

HIPAA Risk Assessment Guide for Smaller Practices

HIPAA Risk Assessment Guide Disconcertingly, one in four practices (25%) are failing meaningful use audits by the Centers for Medicare ...
Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems ...
MarTech’s Fragmented Landscape is Failing Brand Marketers

MarTech’s Fragmented Landscape is Failing Brand Marketers

MarTech’s Fragmented Landscape Mapping the customer journey is one of the biggest strategic shifts currently underway in the marketing industry ...
Ransomware Cyber-Attacks: Best Practices and Preventative Measures

Ransomware Cyber-Attacks: Best Practices and Preventative Measures

Ransomware Cyber-Attacks “WanaCrypt0r 2.0” or “WannaCry,” an unprecedented global ransomware cyber-attack recently hit over 200,000 banking institutions, hospitals, government agencies, ...
5 Simple Tips to Help Avoid Ransomware

5 Simple Tips to Help Avoid Ransomware

5 Tips to Avoid Ransomware Ransomware is a particularly pernicious form of malware: unsatiated by simply using your system as ...
The Future Of Cybersecurity

The Future Of Cybersecurity

The Future of Cybersecurity In 2013, President Obama issued an Executive Order to protect critical infrastructure by establishing baseline security standards. One year later, the government announced the cybersecurity framework, a voluntary how-to guide to strengthen cybersecurity and meanwhile, the ...
Business Analytics Vs Data Science

Business Analytics Vs Data Science

Big Data Continues To Grow Big Data continues to be a much discussed topic of interest and for good reason.  According to a recent report from International Data Corporation (IDC), "worldwide revenues for big data and business analytics will grow ...
HTML5 Speed Test

HTML5 Speed Test

HTML5 SPEED TEST SERVICES There is no made-for-all solution when it comes to optimizing a website for speed, and while putting a cloud platform in place is a good start, every cloud startup should ensure that they have an optimization ...
Machine Learning Open-Source Tools

Do More With Machine Learning Thanks to These 6 Open-Source Tools

Machine Learning Open-Source Tools We are in the middle of a machine learning, AI and big data renaissance — at least, that’s what we’re calling it. Seemingly everyone is interested in this technology these days, and for a good reason ...
20 Leading Cloud CMS Wordpress Alternatives

20 Leading Cloud CMS WordPress Alternatives

Cloud CMS Wordpress Alternatives Content management systems (CMS) have grown exponentially in recent years. Their number and features have exploded. There are now dozens of cloud CMS Wordpress alternatives for startups and small business. CMS is getting more sophisticated. Website building ...