How to Improve the Backup Success Rate of Data Centers?

How to Improve the Backup Success Rate of Data Centers?

Improve Backup Success Rate According to industry analysts, a significant number of backup jobs (from 5 to 25%) are failing across various tiers of data centers. This impacts datacenters heavily on revenue loss, SLA-based penalties, and customer experience. Furthermore, loss of important data alienates customers
Avoiding the IOT ‘Twister’ Business Strategy

Avoiding the IOT ‘Twister’ Business Strategy

IOT ‘Twister’ Most organizations’ ‪ IOT Strategy look like a game of ‪ ‘Twister’ with progress across important IOT capabilities such as architecture, technology, data, ‪ analytics and governance; variables comprising a series of random investments and decisions. There is something very different about the Internet of Things (IOT) craze versus

CONTRIBUTORS

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Cloud-Enabled Managed Hosting Provider We are all familiar with the old saying “That's like comparing apples to oranges” and though ...
Infatuation leads to love - How container orchestration and federation enables multi-cloud competition

Infatuation leads to love – How container orchestration and federation enables multi-cloud competition

Container Orchestration The use of containers by developers -- and now increasingly IT operators -- has grown from infatuation to ...
Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks: The Top 8 According To ENISA

Cloud Security Risks Does cloud security risks ever bother you? It would be weird if it didn’t. Cloud computing has ...
What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) ...
The Fully Aware, Hybrid-Cloud Approach

The Fully Aware, Hybrid-Cloud Approach

Hybrid-Cloud Approach For over 20 years, organizations have been attempting to secure their networks and protect their data. However, have ...
Cloud Native Trends Picking Up – Legacy Security Losing Ground

Cloud Native Trends Picking Up – Legacy Security Losing Ground

Cloud Native Trends Once upon a time, only a select few companies like Google and Salesforce possessed the knowledge and ...
Secure Business Agility

Contrary to popular belief, a pro-privacy stance is good for business

Pro-Privacy Stance Right now privacy is a hot topic on LinkedIn posts, especially as it pertains to compliance with the ...
The Lighter Side Of The Cloud - The Vatican
business-audit

Security Audits, Cyberattacks and other Potential Front Line Issues

Defending the Organization

When people talk about security audits in an organization, thoughts immediately go to malware, cyberattacks and other front line issues. These appear as the most obvious types of threats and are consequently given the greatest attention. As essential as these responses are, companies need additional layers of audit and defence further up the hierarchy if they are to build a culture of perpetual and successful self-governance. The problem is, internal compliance and control – the key elements of self-governance – are falling woefully behind the times thanks to traditions that have not yet received a full overhaul. This is bad news for business in the private and public sectors, since the enemies they face have already stepped up to the speed of “now.”

Traditionally, businesses have relied upon three lines of defence for standing up against risk. Called the “Combined Assurance Model,” it relies first on line managers to watch over the business processes. The second line belongs to internal risk managers and assurance providers, and then thirdly comes the internal and external auditors.

Security Audits

Such a structure has not always proven to be reliable. In 2013, Financial Times journalist Howard Davies quoted British lawmakers as suggesting the model “promoted a wholly misplaced sense of security.” He added, “Far from complementing each other as happy teammates, they think the second and third lines are in the chocolate teapot category of uselessness, with “the front line, remunerated for revenue generation, dominant over the compliance risk and audit apparatus.” 

These are the types of issues that worry Shrikant Deshpande, senior banking technology, risk and assurance professional and (ISC)2 Certified Cloud Security Professional. He suggests there seems to be a gap between Internal Audit, GRC (Governance, Risk management, and Compliance) and Cyber Security in terms of formalized methods of defining risks, monitoring and assurance. “There is certainly a meeting of minds and policy level agreement on objectives,” he states, “however a formal process of risk mapping and traceability of assurance outcomes to agreed high level risk needs to improve.

What this means in the most straightforward terms is that audit and GRC education must keep up with the times, and with the new technologies now impacting business globally, like cloud, big data and IoT. There needs to be greater investment in security monitoring technologies and in internal education, and this requires getting through to executive decision makers in a way that effectively conveys both urgency and importance.

Shrikant highlights the recommendations of a 2010 research paper published by the Institute of Chartered Accountants in Australia, outlining a process of continuous assurance for the digital world. Central to its thesis was the notion of “better matching internal and external auditing practices to the reality of the IT-enabled world, to provide stakeholders with more timely assurance.” The authors advocate “audit automation,” to move the audit process away from a “manual, periodic paradigm” to something more real-time.

Shrikant points out that a variety of cloud technology neutral assurance methods and processes already exist, such as COBIT, ISO 27k , ISO 30k, and NIST. The challenge is that audit and GRC professionals need to mature their skills and knowledge to apply these in specific technology environments like the cloud.

This is where a combination of techniques like assurance mapping, combined assurance and continuous auditing can coexist and assist.

He adds, “the gap between risk management stakeholders and those who are actually monitoring risk and creating assurance continues to exist. There is a legacy of division that must be overcome if businesses and organizations hope to thrive in the extremely fast-paced world of cyber-connected business.” His advice: formally engage. Organizations need formal programs, formal assurance mapping and an up-to-speed monitoring program. The luxury of waiting no longer exists.

For more on the CCSP certification from (ISC)2, please visit their website. Sponsored by (ISC)2.

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

View Website

Cloud Community Supporters

(ISC)²
Cisco
SAP
CA Technologies
Dropbox

Cloud community support comes from (paid) sponsorship or (no cost) collaborative network partnership initiatives.