Resurrecting CHAOS for Today’s CIOs and CISOs

While at CloudExpo, London last week I had the chance to chat to Red Hat’s Richard Morell. He suggested that I resurrect CHAOS (Controlling Havoc and Overhauling Security) Theory from a couple of years ago, as the message still holds very true.

The term ‘chaos theory’ first came about in the 1980s as a way to ascribe order to a seemingly random set of events. And, in today’s landscape of stark contrasts between business opportunities and impending risk, CIOs and CISOs have to drive collaboration and controlled acceleration. That is where CHAOS Theory comes into play: enabling both a new order and the opportunity for CIOs and CISOs to be part of the strategic business agenda.

Most CISOs cannot state with confidence that their organization’s information assets are secure. The general processes and even toolsets in place today are not standing up to the way that we do business or the attacks we’ve seen in the last few years, so why do we assume they will be good enough for the future? Mobility and BYOD are just the beginning of the next wave of infrastructure security challenges. We need to be concerned beyond just users having left IT’s security control and focus on the data, often in unsanctioned apps, that follows these users into the public cloud. We most often think about insider threats as malicious, but the cases that most often make headlines are just the tip of the iceberg.

Well-intentioned employees may be a bigger risk still: with the blurring of social and work, it’s so easy to accidentally overshare sensitive enterprise data. And if we thought it was bad enough when cyber thieves steal our data, what havoc will they wreak in the Internet of Things era when they change it?

The goal with the CHAOS Theory is really to funnel user demand in a way that is far more ordered and less chaotic than today. There isn’t a single proposal or program that applies universally to all organizations, but the following is where you might start:

  • Rather than fight loss at the endpoint and an evaporated enterprise perimeter, instead focus on contextual identity-based controls such as location, time, what type of data, and/or threat vector to determine what resources users and devices can connect to.
  • Leverage cloud threat data feeds to make more accurate risk predictions based on an aggregate view of threats seen around the world.
  • Utilize big data-processing facilities such as Hadoop and OLAP (online analytical processing) to identify potential data breaches, data leakages and system compromise so that defensive controls can be adapted or updated in real time.

And, for CISOs looking to demonstrate the value of their teams and work to executives and strategic business stakeholders, consider the following:

  • Implement a metrics analysis platform to enable the CIO and CISO to act as the central point of governance and thus better quantify and qualify
  • Establish an executive forum for reviewing compliance with key business stakeholders

By Evelyn de Souza

Evelyn de Souza

Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW's Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry's first blueprint for making data protection "business-consumable" and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.
