Cybersecurity best practices evolve as cloud use expands
Organizations must build protection into systems, see it as part of doing good business
By Byron Acohido, ThirdCertainty
More organizations are using the cloud to store and manage their data, which is prompting the development of new types of best practices in cybersecurity.
I spoke with Emily Mossburg, a principal at Deloitte Cyber Risk, about maintaining the security of data stored in the cloud, as well as incorporating cyber protections into the product development cycle. A few highlights:
New business practices
“We’re getting to a point where we’re really seeing much more adoption” of cloud services, Mossburg said. “That’s driving changes in terms of the way that organizations are laying out their overall networks and the way in which they’re securing their infrastructure.”
Organizations see the cloud making their operations more efficient while also putting some risk-protection responsibility into the hands of cloud providers.
Companies could move in-house customer relationship management and human resources systems to cloud-based systems, which could save on costs, but also puts personally identifiable information in play.
Security should still be top of mind
Companies must consider the security of data transferred to the cloud, and the tools, processes and governance needed to maintain information safety.
Related story: Be selective about what data you store and access from the cloud
“The protection of the application and the systems are in data; it’s still the responsibility of the organization,” Mossburg said. “You may have privacy considerations. You may have some legal and regulatory requirements based upon the type of data.”
The category of information stored in the cloud could determine what kind of security is in place. Companies must consider if they need to encrypt the data, since the cloud provider and system administrator will have access to it.
“Do you need to enhance your identity and access management?” she said “Do you need to have other infrastructure-focused, software-based firewalls?” Even though the data is in the cloud, the organization still has an obligation to protect it.
Development of new products
As new products and services are created in the age of the Internet of Things, there are concerns about how they might be used in an attack or how they may be compromised, Mossburg said.
However, developers are now incorporating digital protection into the product life cycle. That makes cybersecurity “less of just an enterprise issue and more of a business issue, particularly in terms of the products and services that you’re bringing to your consumers and to your client base,” she said.
For a deeper drill down, please listen to the accompanying podcast.
More stories related to cloud security:
Using the cloud to protect the cloud
Managed security services enhance cloud cover for SMBs, others
Businesses must remember shared cloud security requires shared responsibility