Cloud Security Authors: Yeshim Deniz, Zakia Bouachraoui, Liz McMillan, Elizabeth White, Ravi Rajamiyer

Related Topics: @CloudExpo, Cloud Security, @DXWorldExpo

@CloudExpo: Blog Feed Post

Cloud Security Strategic Action Items for 2016 By @MariaHorton | @CloudExpo #Cloud

Formulating strategic & tactical defenses against adapting & evolving threats requires both business & technological viewpoints

Cloud Security Strategic Action Items for 2016
By Maria Horton, CEO of EmeSec

The recent uptick in cyber attacks across all sectors of the economy, have reinforced for CIOs the need to be able to address corporate boards and customers on their strategies for protection and resilience for the coming 2016 year.

Cloud, Big Data, and the liability issues in the news, have exposed the increased both the virtual, legal and physical risk bases and attack surfaces related to cloud and cyber. More than ever, formulating strategic and tactical defenses against adapting and evolving threats requires both a business and technological viewpoints. With external attacks, ransomware, and potential malicious insiders, CIOs and CISOs are faced with unprecedented challenges that require updating and re-thinking security policies, cyber hygiene, and technology migrations.

My recommended top three New Year’s priorities for cloud and cyber consideration are:

  1. Employ Holistic Risk-Mitigation

The 2016 risk mitigation strategy should be built upon a comprehensive understanding of the organization’s business and technological assets, threats, and vulnerabilities. Identifying assets and data ownership can be more complicated when working with cloud providers. Protecting intellectual property and consumer or client data identified by cloud business strategies must also be incorporated into daily security operations. Shadow IT and escalating monthly cloud services are likely to be a pain point for many organizations, unless security and acquisition controls are in place. It may not be as simple as one may think given the virtual bits and bytes of the cloud and mobile applications; plan accordingly. Cloud and cyber security has broadened beyond the technology and internal process issue. Ongoing operational services, establishing and monitoring SLAs, and partnership agreements, are the newest liability from a resource and cost perspective. And, as always, healthy security practices and regular reviews are critical to lowering risk exposure.

  1. Prepare for ‘Everything as a Service.’

IoT and Cloud computing are revolutionizing companies’ relationships with their customers. Re-use, new use, and expanded utility of service information and apps performance, fosters both an “always-on” mentality and a need to identify competitive advantages and new services for your organization. As a result, CIOs must prioritize between establishing new technical support services for the “always-on competitive advantage and the always-on protection” need. Cloud and cyber security continuous monitoring has multiple meanings in the “everything as a service” world. CIOs and CISOs should implement additional and ongoing reviews of systems and protocol implementations, policies, and updated strategies to protect the information and data under their responsibility.

  1. Update Your Policy Protection for Cloud Services.

Due to a high number of massive security breaches, 2015 was an exceptionally transformational year in terms of defining Safe Harbor responsibilities, PII breach liabilities, and other privacy protection issues with Federal Trade Commission (FTC) impact. Many cloud providers offer extremely high-level security and encryption options, but without proper processes, policies, or compliance evaluations, corporate liability may still exist. Often this liability falls to the CIO or CISO in a variety of ways including incident response, corporate communications regarding events and event findings as well as the proof points of resilience and compliance. Review your SLAs, data ownership agreements, and policies to ensure that your organization is making use of all available protection measures.

The post Cloud Security Strategic Action Items for 2016 appeared first on Cloud Best Practices.

Read the original blog entry...

More Stories By Cloud Best Practices Network

The Cloud Best Practices Network is an expert community of leading Cloud pioneers. Follow our best practice blogs at http://CloudBestPractices.net

IoT & Smart Cities Stories
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.