GDPR Compliance

Avoid Breaking the Bank to Protect Your IT by Automating These 3 Departments

Protect Your IT by Automating In the big data world, companies have more information than any human (or team of humans) can consume. New software arrives every minute, servers go up and down, data streams in, and businesses still expect their employees to catch every
October 2018 Netskope Cloud Report

October 2018 Netskope Cloud Report

With the increased adoption of public cloud infrastructure services like AWS in the enterprise, there’s also a growing need for clear identity and access policies to ensure sensitive enterprise data is secure. While many organizations have controls around cloud services such as multi-factor authentication and
Breached Data

Breached Data – Keeping it Secret Doesn’t Make It Go Away

Breached Data

When Uber’s massive data breach made it to the public’s ears recently, it became a member of an infamous group of companies who not only had vital customer data stolen, but who sat on the story and did not inform the public or the media until much later.

The reasons for data breaches vary, but are heavily tinted by human errors and the presence of unprotected files or weaknesses on cloud servers. This is something that should make all cloud service providers (CSPs) sit up and take notice. Bad PR for one is bad PR for all.

The arguments for moving to the cloud have always included the fact that CSPs make it their business to keep security at the highest levels possible. Their value statements include the concept that internal IT systems and on-premises storage can be more easily overrun due to project and maintenance bottlenecks. But when a high-profile cloud provider suffers a breach, the credibility counter resets to zero or lower.

Additionally, the idea of keeping the breach quiet is unsettling. Uber’s well publicized episode and subsequent payoff reveals a particularly human weakness: the expectation that if you hide something bad, it will never see the light of day. That is obviously not true. The damage from a breach will eventually come to light, but the delay between incident and revelation causes far greater harm to customers as well as to a company’s own reputation.

The fact is, applications running in the public cloud are not completely immune from breaches. Sanjay Beri, founder and CEO, Netskope, stated recently that “While cloud adoption is very much on the rise, organizations still lack confidence in the cloud’s ability to protect sensitive information. With the rise of cloud threats like accidental data exposure, malware, and ransomware aimed at exfiltrating data and extracting financial gain from sensitive data, IT teams need more robust intelligence, protection, and remediation to protect their data from breach or loss.”

Together, technical vulnerabilities and human “weakness” in crisis management identify two vital reasons why a CSP needs to work with a Certified Cloud Security Professional (CCSP). In addition to a wealth of up-to-date technical knowledge around security issues and threats, a CCSP can also deliver strategic awareness and communications skills to the CSP’s management team. This can include essential crisis management preparation and deployment strategies.

The CCSP Designation

The CCSP designation was co-created by (ISC)² and Cloud Security Alliance, and is a globally recognized credential representing the highest standard of cloud security expertise. The certification attests to deep, up-to-date knowledge and hands-on experience with cloud security architecture, design, operations, and service orchestration.

To qualify, candidates must already possess a minimum of five years cumulative, paid, full-time work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the CCSP Common Body of Knowledge (CBK).

The Cloud Is Still the Better Place

Numerous studies, including a recent (2017) one from Schneider Electric, quoted in Infoworld, showed that confidence in cloud and in CSPs remains positive, but that much of this is based on its ability to remain proactive.

Cloud-based security outpaces traditional and on-prem security approaches through a combination of proactivity, cost effectiveness and easier integration with devOps: “Security and devOps seem to mix best when security is part of a service accessed outside the development and deployment platforms. That external, service-oriented nature means security can easily be made part of most devOps processes.

In just the same way a CSP provides a solution to the companies it works with, the hands-on expertise and strategic wisdom of CCSP adds an additional layer of relevance and practical application of security techniques. They are a second set of eyes for those unguarded or forgotten physical weaknesses left open to exploitation to hackers, but they also work as the voice of reason in the formulation of a strategy and practice. A cloud service provider working in league with a CCSP helps ensure business on the cloud stays secure and profitable for the end users.

Interested in learning more about the CCSP certification? Download the Ultimate Guide to the CCSP or visit the (ISC)² website at www.isc2.org/CCSP.

###

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

TOP ARCHIVES

Cyber Criminals Caught! Ah No, More Like Just Identified. Sigh!

Cyber Criminals Caught! Ah No, More Like Just Identified. Sigh!

Cyber Criminals Caught It’s that time when we look back on the past year. In 2018, Atlanta was a victim ...
The Current Wave of Smart Home Technology

The Current Wave of Smart Home Technology

The Future of Smart Home Technology Some say the vision of smart homes kicked off with the invention of household ...
Work In The Cloud Era: Are We Ready For Virtual Teams?

Work In The Cloud Era: Are We Ready For Virtual Teams?

Getting Ready For Virtual Teams Technological developments are ushering in a new era of work. Cloud computing has changed not ...
Business Intelligence Implementation

10 Tips For Successful Business Intelligence Implementation

Business Intelligence Implementation The cost of Business Intelligence (BI) software goes far beyond the purchase price. Time spent researching, implementing, ...
Google Cloud Platform: Enabling APIs

Google Cloud Platform: Enabling APIs

Enabling Google APIs The Google Cloud Platform is a comprehensive tool that helps companies manage their IT resources. Completing software ...