Cybersecurity best practices evolve as cloud use expands

Organizations must build protection into systems, see it as part of doing good business

 
Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

More orga­ni­za­tions are using the cloud to store and man­age their data, which is prompt­ing the devel­op­ment of new types of best prac­tices in cyber­se­cu­ri­ty.

I spoke with Emi­ly Moss­burg, a prin­ci­pal at Deloitte Cyber Risk, about main­tain­ing the secu­ri­ty of data stored in the cloud, as well as incor­po­rat­ing cyber pro­tec­tions into the prod­uct devel­op­ment cycle. A few high­lights:

New busi­ness prac­tices

We’re get­ting to a point where we’re real­ly see­ing much more adop­tion” of cloud ser­vices, Moss­burg said. “That’s dri­ving changes in terms of the way that orga­ni­za­tions are lay­ing out their over­all net­works and the way in which they’re secur­ing their infra­struc­ture.”

Orga­ni­za­tions see the cloud mak­ing their oper­a­tions more effi­cient while also putting some risk-pro­tec­tion respon­si­bil­i­ty into the hands of cloud providers.

Com­pa­nies could move in-house cus­tomer rela­tion­ship man­age­ment and human resources sys­tems to cloud-based sys­tems, which could save on costs, but also puts per­son­al­ly iden­ti­fi­able infor­ma­tion in play.

Secu­ri­ty should still be top of mind

Com­pa­nies must con­sid­er the secu­ri­ty of data trans­ferred to the cloud, and the tools, process­es and gov­er­nance need­ed to main­tain infor­ma­tion safe­ty.

Emi­ly Moss­burg, Deloitte Cyber Risk. prin­ci­pal

Relat­ed sto­ry: Be selec­tive about what data you store and access from the cloud

The pro­tec­tion of the appli­ca­tion and the sys­tems are in data; it’s still the respon­si­bil­i­ty of the orga­ni­za­tion,” Moss­burg said. “You may have pri­va­cy con­sid­er­a­tions. You may have some legal and reg­u­la­to­ry require­ments based upon the type of data.”

The cat­e­go­ry of infor­ma­tion stored in the cloud could deter­mine what kind of secu­ri­ty is in place. Com­pa­nies must con­sid­er if they need to encrypt the data, since the cloud provider and sys­tem admin­is­tra­tor will have access to it.

Do you need to enhance your iden­ti­ty and access man­age­ment?” she said “Do you need to have oth­er infra­struc­ture-focused, soft­ware-based fire­walls?” Even though the data is in the cloud, the orga­ni­za­tion still has an oblig­a­tion to pro­tect it.

Devel­op­ment of new prod­ucts

As new prod­ucts and ser­vices are cre­at­ed in the age of the Inter­net of Things, there are con­cerns about how they might be used in an attack or how they may be com­pro­mised, Moss­burg said.

How­ev­er, devel­op­ers are now incor­po­rat­ing dig­i­tal pro­tec­tion into the prod­uct life cycle. That makes cyber­se­cu­ri­ty “less of just an enter­prise issue and more of a busi­ness issue, par­tic­u­lar­ly in terms of the prod­ucts and ser­vices that you’re bring­ing to your con­sumers and to your client base,” she said.

For a deep­er drill down, please lis­ten to the accom­pa­ny­ing pod­cast.

More sto­ries relat­ed to cloud secu­ri­ty:
Using the cloud to pro­tect the cloud
Man­aged secu­ri­ty ser­vices enhance cloud cov­er for SMBs, oth­ers
Busi­ness­es must remem­ber shared cloud secu­ri­ty requires shared respon­si­bil­i­ty