| ||||||||||
| ||||||||||
Current Filter: >>>>>> Building trust in the cloud Editorial Type: Strategy Date: 01-2014 Views: 3274 Key Topics: Cloud Security Cybercrime Business Continuity Management Key Companies: Ernst and Young Key Products: Key Industries: | |||
| Wherever your business is in its 'cloud journey', you need to create a cloud services environment that is Secure, Trusted and Audit-Ready (STAR), argues Ken Allan, Global Information Security Leader , Ernst & Young Not that long ago, cloud computing was little more than a speck on the horizon. We heard reports of it rapidly becoming a mainstream technology, but it had yet to yet to make a meaningful impact on our technology landscape. According to EY's Global Information Security Survey, in 2010, 30% of respondents indicated that their organisation used or was planning to use cloud computing-based services. In 2011, the percentage had risen to 44%. By 2012, cloud computing had reached a technological tipping point: almost 60% of survey respondents said their organisation was using or planned to use cloud computing services. And yet, 38% of respondents said that they had not taken any measures to mitigate the risks of using cloud computing services. This disruptive technology was advancing faster than many could secure it.
BUILDING A BETTER WORKING WORLD One of the first principles of improving information security is take control of your environment. It would therefore feel counterintuitive for an organisation to surrender control of its IT infrastructure and data to a third party. And yet this approach may offer the best opportunity to address increasingly complex security and privacy challenges. Rather than becoming an organisation's worst security nightmare, cloud computing platforms may offer its best hope to create a more secure IT environment by strengthening controls and improving information and security capabilities.
WHAT'S THE ISSUE? However, despite its ubiquity, many IT executives remain hesitant to endorse a "cloud first" approach. Even worse, there are some who refuse to adopt any cloud-based service at all. Some fear that communicating data over a public network will increase its vulnerability to cyber attacks. Others worry that cloud service providers offering the same infrastructure to multiple clients in multiple locations will not be able to maintain segregated confidentiality. Still others express concern that transmitting their data across international boundaries will expose them to diverse legal and regulatory requirements in jurisdictions with which they're unfamiliar. Unfortunately, these fears and IT's perceived need to retain physical controls over its environment can increase an organisation's risk rather than mitigating it. Within many organisations, when business units that want to use cloud computing hear "no" from IT, they simply go off and procure the service themselves. This not only extends the organisation's IT environment without the right protections in place, but it also takes cloud computing into the shadows where IT can neither anticipate nor address the resulting risks. IT must shift its focus from saying "no" to saying "yes" in a way that adds value to the business and protects it from mounting cyber-security risks. Developing a cloud framework that creates a secure, trusted and audit-ready (STAR) environment may be just what IT executives need to say "yes" with confidence.
WHY NOW?
HOW DOES IT AFFECT YOUR BUSINESS? Even those organisations that have adopted cloud services are exposed. Often, there is a gap between the controls typically implemented in the cloud and the controls necessary to create a secure, trusted and audit-ready cloud environment. IT executives who have not worked with the business to embrace the cloud have seen a marked increase in shadow IT within their organisation and a corresponding decrease in their influence within the organisation. In EY's 2013 Global Information Security Survey, only 17% of participants indicate that their information security function fully meets the needs of the business. Changing information security's mind-set to help the business find a path rather than block it is the challenge that organisations face. Cloud-based services are here to stay. IT functions need to learn to either work with them or suffer the cyber-security and financial consequences that may result in having cloud adoption take place without the input and value of IT.
Page 1 2 | ||
Like this article? Click here to get the Newsletter and Magazine Free! | |||
Email The Editor! OR Forward Article | Go Top | ||
PREVIOUS | NEXT |