Page 53 - Cyber Defense eMagazine - October 2017
P. 53
• Broaden your incident response plans – One of the big changes driven by the
cloud has to do with companies’ responses to security incidents. The common
wisdom today is that CIOs don’t get fired for allowing a breach – they get fired for
their responses to the breach. You need to have a plan in place and specific
playbooks to follow. This goes for situations where a customer gets breached.
• Take another look at your cyber insurance – With data in the cloud, you’ll
have new decisions to make based on the liability you hold and the cyber
insurance you need to protect the company in the event of a breach. Do you
have a set of controls that just covers the cost of the investigation? Do you
understand the quantification of impact of remediating the attack and getting
back to business? And are you bracing for lost revenues?
• Find your data – Data classification and data handling policies are not effective
if you don’t know where your critical data is, and who is handling that data. Data
governance is now a core function of data protection.
Protecting data closer to the data itself
CIOs themselves can answer how many laptops, servers, petabytes of storage they
have.
But the question they don’t often have a good answer to is where their critical data
actually lies. If it’s in the cloud, it’s critical to know this. Creating a robust data
governance function helps the CIO understand the entire lifecycle of that data – where it
goes, how it moves through business processes, and where the data terminates.
In the cloud, it’s easy to link systems together to provide customers with a richer user
experience. Having control over the governance of the data that flows through those
pipes is critical. Developing a sound governance plan allows companies to protect the
data and issue reports to regulators regulatory about what they’re doing with that data.
Cloud computing has changed the paradigm for today’s businesses, giving them broad
access to data that transform their operations. It also has exposed the data layer to new
threats that companies need to protect against to achieve their goals. By taking a new
approach to security, incorporating risk management principles and diligent protective
techniques, companies can ensure that they’re getting the most out of their data assets.
About the Author
Roger Hale is Vice President of Information Security and CISO at Informatica
53 Cyber Defense eMagazine – October 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide.