‘Security is a process. Not a product.’ – Bruce Schneier
Security concerns remain at the heart of IT department discussion.
However, with the right approach, these conversations can move beyond reactive damage limitation towards a holistic view of security that embraces prevention, detection, people and technology.
In cloud computing, the three main security threats facing CIOs are:
- Poor integration of emerging technology
- Malicious or unintentional insider activity, including shadow IT
- Issues with data governance and regulatory compliance
As such, a joined-up approach to data security management can address these issues:
Trust but verify
Firstly: cloud security is a two-way street. Companies should be able to hold service providers accountable for breaches in their infrastructure. Any cloud Service Level Agreement (SLA) should reflect this.
As cloud computing evolves, there’s a risk of disparate security standards.
‘Sophisticated providers will understand the data security requirements in the customer’s industry and have independent audits conducted that confirm the environment is secure’, says Jessica Franken, an experienced technology transactions lawyer at Quarles & Brady.
If you can’t agree upon a set standard of data governance with your cloud service provider, consider looking elsewhere.
Manage people, roles and identities
People management is just as important as application control.
Thus, knowing who has access to your data at any given time can help you create stronger governance policies.
Companies that understand the importance of identity access management experience fewer insider threats. While a level of trust is always necessary, accountability and privileged access management can prevent the mishandling of sensitive data and improve compliance.
Gartner analyst Brian Iverson suggests ‘if you are forced to focus on ROI to justify IAM investments, then your organisation is not ready to take IAM seriously.’
Protect at a data level: data security perspective
Finally, perimeter defences are becoming difficult to sustain. With remote working, BYOD and VPN causing network borders to stretch, firewalls are no longer an adequate last line of defence.
So, take measures to secure your most sensitive data at a more granular level.
Encryption is key, whether the data is at rest in your datacentre, in transit or sitting on an end user’s laptop.
‘The key to a good encryption strategy is using strong encryption and proper key management. Encrypt sensitive data before it is shared over untrusted networks’, says Chuck Davis, Executive Security Architect at IBM.
See the wood, not the trees
Don’t let security fears hold you back from your digital transformation. Implementing company-wide governance policies and tracking data access across the board isn’t easy. But when it’s built in from the start, security is not a blocker or a burden on IT change management; it’s an enabler.
Written by Neil Allgood, Practice Lead, RedPixie