While the topic of Cloud security may have a lower budget priority to IT organizations than overall IT security, the convergence of topics is here to stay.
Since outsourcing specific applications, platform services or infrastructure to Cloud Service Providers (CSPs) has become commonplace, Cloud security and organizational security have merged.
I would argue that the intersection of Cloud and enterprise/IT security has become a vital component of a company’s overall cybersecurity posture, and as such, requires careful monitoring.
Driving the intersection of Cloud and overall IT security are the convenience and investments (ROI) of an organization. The convenience of buying Cloud applications like email, CRM, storage and back-ups from third-party providers has been a significant factor in decision-making.
These services are easy to implement because they are already configured, available and scalable without the requirement of capital purchases and investment in additional human resources — call it time to market or time to solving a problem.
Most organizations are trying to solve IT requirements with a credit card. The removal of layers of approvals, new budget allocations and resource headcount approvals is a theme of the past when considering a Cloud model.
This may sound like a pro-Cloud argument, and in some ways, it is. Most organizations that need to meet a specific requirement with limited budgets or time have very few choices to consider — when taking into account that investing in CSPs is significant in infrastructure, scalability and security, the idea of “building your own” becomes further and further removed from reality.
If we look at the SMB marketplace, the financial benefits of Cloud far outweigh any other options.
Security of IT and Cloud is an ongoing discussion among industry experts. The net of this, for most, is the dividing line between multi-tenancy Clouds, hybrid Clouds and private Clouds.
For some applications, multi-tenancy may be a completely acceptable model for most organizations — take Google Apps and Office365 as examples — whereas services sold by a business as their product may require a hybrid model.
Applications built in a multi-tenancy application licensing model and core applications running on bare metal services hosted by a CSP could be a very real scenario for product delivery. There are several variations and models used by companies today that work well.
With the connection between an organization’s IT infrastructure, CSP services and third-party subscription apps, a cybersecurity plan becomes a requirement.
Typically, the changes in IT happen across departments based upon the budgets or business needs of the organization, causing a more complex set of relationships to occur.
When the influx of business applications, services and infrastructure merges in the IT department with an overarching message to ensure the business is secure, it’s time to make cyber the executive topic of discussion.
The executive team needs to become more involved with cyber, making it a business continuity planning requirement rather than an IT security overhead. The ability of the IT team to move overall IT security to a cyber discussion will help projects and programs receive funding.
In addition to the approvals of budget, an overall assessment of all the complex relationships needs to occur.
Once the IT department has complete visibility of the company’s cyber posture, a comprehensive plan of action can be managed to address both vulnerabilities and processes: the first step to becoming cyber prepared.
A standards-based approach to cyber preparedness should be considered. It is said that most companies are either going to be hacked soon, have just recovered from a hack, or have been hacked and are unaware.
Measuring an organization’s cyber readiness is a worthy approach to protecting the company’s core assets: revenue!
Brian Berger is the executive vice president of commercial cybersecurity for Cytellix. With more than 28 years of experience in device security, IT, data analytics and corporate leadership, Berger has led the successful development of strategic engagement agreements with multibillion-dollar Cloud service providers, securing significant contracts in data encryption, authentication, network security, Cloud, analytics and embedded hardware security.
This article was originally posted on TD sister site Security Sales & Integration.