03-30-21 | Blog Post
Partly as a result of the implementation of these new digital technologies and practices, the business world experienced a large and opportunistic uptick in exposure to cybercrime.
Cloud Security Governance is a model used to maintain security through policies and controls across all teams, infrastructure and network access. It must be adapted and enforced in the post-pandemic business environment to reduce the chance and impact of cybercrime and to ensure the desired business results are achieved. The most important action is to ensure that the governance plan is mapped to an expected business result so that commensurate levels of security and risk mitigation are applied.
The Primary Tenets of Cloud Security Governance
Cloud Security Governance includes cloud security and cloud computing security. It should consider all of the business’s projects, digital transformation plans and use of cloud services. “KPIs” that should be considered in evaluating the performance of your Cloud Security Governance plan include:
Mitigation of risk: Use “threat modeling” to identify and rank threat/security issues and to determine what type/level of security is required to protect specific processes, data, records, IP, etc. Next, assess and designate risk levels for public cloud and private cloud services that offer the security and compliance levels required to protect your processes, data, records and IP. Finally, assign “levels” or tiers of security and risk mitigation that are commensurate with the value of the data, systems or processes being protected. You have now established measurable and tolerable levels of risk for all critical elements of your business. These risk determinations and security assignments should be universal across all existing and future business elements.
Align business value/business results: Each data stream, process or application has a predictable contribution to business value. Similar to mitigation of risk, align the expected business value of the process to the level of Cloud security required to mitigate the risk of underperformance or negative contribution.
Create Common Elements for Development to Deployment: It is a scary truth that multiple, unregulated environments for development, testing and deployment generally exist across most businesses today. Creating common and regulated development environments limits the use of ad hoc resources which can become points of vulnerability, increased risk and economic liability. Inventory and reduce ad hoc environments.
Resource utilization: Whether building Cloud Security Governance from the ground up or adapting existing governance to today’s business needs, assessing your security team’s capacities and capabilities is essential. There is a value equation to be considered: building, managing and growing a private security support and management effort versus using managed security services provided by your trusted cloud services partner. These services are typically managed as either a DIY or fully managed configuration. In most cases, management will be some combination of your own security team for on-prem DC/cloud and fully managed services for public, private, and hybrid cloud security. This security and operational management posture needs to become part of your ongoing governance plan so that no future development is built ad hoc and becomes a potential point of vulnerability.
Easy button: The best Cloud Security Governance provides a set of specific and granular requirements so that all employees and vendors are able to make the best security choices aligned to their processes or services. If the governance plan has been developed top-down and considers all areas of your business, you will find less resistance to implementation and be able to better measure security performance and risk management results.
Hybrid cloud, on-prem, public cloud and private cloud are only as secure as you make them. It’s up to you to develop your own Cloud Security Governance plan and thoroughly vet your cloud providers, working with them to put the proper security measures in place that will keep your data protected. This is especially true if you are held to one of the many compliance standards in place today. The right provider will be able to help guide you to be secure at every layer in the stack, not just the infrastructure. If you’re looking for the expertise and services to support your Cloud Security Governance plan, Otava can help. Consider our secure, compliant cloud solutions managed by a team of experts trained in the latest security best practices. Call 877-740-5028 or contact us to learn more.