(ISC)²'s bi-monthly e-newsletter Cloud Security INSIGHTS, delivers timely, must-read original articles for the professional development of infosecurity practitioners focused on cloud security.
2018 Security Congress Preview – Cloud Security
(ISC)² will hold its 2018 Security Congress in New Orleans, LA, October 8th – 10th. This conference will bring together 2000+ attendees and over 100 educational sessions. One of the 13 tracks that are being offered with focus on Cloud Security and challenges practitioners face when dealing with all things cloud. Join (ISC)² and several of the speakers who’ll be presenting in the Cloud track as we preview their sessions, get an idea of what will be discussed and discuss the state of cloud security today.
SEPTEMBER CLOUD SECURITY INSIGHTS
Is It Time for You to Fully Embrace Cloud Services?
By Wesley Simpson
In case you are one of the last holdouts on moving to the cloud, I applaud your risk tolerance for keeping your company safe and secure. But in reality, in order to stay competitive, there is no better time than now to fulfill a digital transformation, including fully embracing cloud services.
Here at (ISC)2, our work environment has evolved quite a bit over the last 10 years and, given what our employees and members look for in an organization, we knew that we had to evolve with them to keep pace. Many of the concerns, uncertainties and cost impediments have diminished. It was the right time for (ISC)2 to migrate.
As the executive sponsor and a strong proponent for this initiative, I had to not only be visible but vocal. The C-suite must fully understand the ultimate business value that the cloud brings to an organization and be ready to articulate it in a way that everyone in the organization can understand and support. The cloud has improved our work life by removing the technological tediousness that plagues so many companies today; it’s also enabled us to become a work-from-anywhere organization.
Employees display higher levels of motivation on the job when they feel their efforts are closely tied to the organization’s goals and core values. Making the tie to each employee and member can be the spark to sharing how the cloud can help each of them succeed along with the company.
Another driver for us was the need to be more fluid and agile to increase our cyber resilience against breaches. Training our staff to be cyber-conscious when handling company data was a must. Education and security hygiene reinforcements were not optional; they were fundamental to increasing our security readiness to deal with potential attacks, as well as implementing disaster recovery/business continuity plans for hurricane season in Florida, which in the past has temporarily disrupted our headquarters operations there.
Technical operations leaders should heavily consider cloud services that are made up of orchestrated technology and/or application elements, not just the individual technology components. There is a range of ways to consume these services, from internal IT teams to third parties providing private or public cloud services.
Cloud computing has several advantages, from its ability to support bandwidth-intensive applications to its added agility in business processes. But in order to select the right cloud program for your company, it’s important to understand the basics. Cloud storage comes in a variety of service options, including:
- Software as a Service (SaaS): Applications are hosted on a cloud infrastructure that can be accessed over the network or program interface, usually through a license model
- Platform as a Service (PaaS): Allows organizations to build, run and manage applications without using any IT infrastructure
- Infrastructure as a Service (IaaS): Providers deliver computing infrastructure as a part of the service, allowing organizations to self-service via remote data center infrastructure
With cloud computing services, our employees gained the ability to access data and work from anywhere in the world. This flexibility creates collaboration across geographically dispersed teams, increases operational agility and shortens time-to-market with products and services.
Another benefit we realized was that by removing the physical components to develop and support these on-premises systems, employees could be shifted to other areas within our company to work on initiatives that are truly core to us and tie back to our IP and competitive advantage. We wanted to free up resources to work on those things that would provide the greatest benefit to our members and not get stuck on manual outdated IT technical debt.
Critical questions to ask—and answer
Whether you are still weighing your cloud options or committed to a digital transformation, here are questions to ask and amply answer:
- What are your business’ needs and budget restrictions?
- What security requirements are necessary for your information? Every company must assess its own data and necessary level of protection.
- What role will cloud storage play in the future of your company’s goals?
- Can your current IT infrastructure and employee skill sets support cloud connectivity?
- What is your company’s risk tolerance if the data is breached?
- What does the transition look like? Full cloud or hybrid deployment?
Whatever you decide with respect to cloud migration, your decisions eventually boil down to understanding your business needs and where you want your teams to spend their time. Cloud capabilities are evolving every day, and no matter what your infrastructure and operations strategy is, there is a cloud solution for you.
Wesley Simpson is COO of (ISC)2. An expanded version of this article first appeared in the September/October issue of InfoSecurity Professional magazine.
A bimonthly email