Page 51 - Cyber Defense eMagazine - October 2017
P. 51

Adapting Security Policies to Fit the Cloud Computing Era



               By Roger Hale




               The  Cloud  Computing  Era  has  been  shaking  things  up  since  it  began.  And  unlike
               Moore’s law, the pace has been fast and furious and more importantly, unpredictable.
               The advent of hybrid cloud computing, giving companies the ability to determine what
               they do in the cloud and what they keep on-premise, has helped accelerate adoption of
               cloud computing.

               Think about it: For decades, a company’s data was housed in a data center in a specific
               location.  Companies  wrote  security  policies  that  focused  on  protecting  assets  under
               their physical control, and policies laid out rules about how, when or if that data could be
               accessed. These policies stayed in place and may have been reviewed once a year.

               Fast  forward  to  2017.  Data  is  now  more  valuable  –  and  more  portable  --  than  ever.
               Couple that with the fact that business today relies upon real-time data to make critical
               decisions at the speed of today’s business, and yet they have less direct control over
               where data travels and who handles it along the way. In addition, employees throughout
               organizations are accessing data and using tools to conduct self-service analytics. All of
               these things demonstrate why putting data into the cloud changes the way data must be
               protected.

               How can companies respond to this new set of challenges? They can start by rewriting
               their security policies to embrace this new world where data is portable and worth its
               weight  in  gold.  Companies  need  to  spend  less  time  building  virtual  walls  around
               physical structures and more time implementing plans that incorporate a blend of risk
               management, data governance and third-party oversight.


               A risk management approach

               If your company puts large chunks of its data in the cloud, you need to fully understand
               the risks you face and set up a plan to manage those risks. Criminals are anxious to get
               hold  of  your  data,  and  they’re  getting  more  and  more  creative  with  their  tactics.  As
               mentioned above, they’re not just trying to get into your own internal network; they’re
               exploiting  the  holes  in  your  extended  services  network,  which  includes  suppliers,
               customers, partners and other assorted third parties.




                    51   Cyber Defense eMagazine – October 2017 Edition
                         Copyright © Cyber Defense Magazine,  All rights reserved worldwide.
   46   47   48   49   50   51   52   53   54   55   56