IT Security

CIO best practices for modernising IT

by Mark Rowe

In 2019, McKinsey studied some of the world’s most influential CIOs to find out how they help CEOs achieve top business priorities. In this report, 88 per cent of CIOs cited “revenue acceleration” as a top priority, while 71 per cent listed “reacting to changing customer needs” and “faster time-to-market” as their main concerns.

The CIOs also said that a big advantage of transitioning from legacy infrastructure to cloud-native solutions is the speed at which developers can work. However, they explained that certain essentials, like security governance, are difficult to achieve without compromising on developer agility and customer experience (CX).

What’s more, 80 per cent of CIOs believe they have not attained the business benefits that they sought through IT modernisation. For them, migrating to the cloud is not enough. They need to put better practices in place for the coming years, with security being one of their biggest concerns. With this in mind, writes Rakesh Soni of LoginRadius, let’s look at CIO best practices for modernising IT.

Prepare your IT team for cloud security

“Regular training for your team and constant refreshing of best practices keep staff up to date on data security and hygiene.”

– Richard Orme, CTO of Photobox Group

CIOs need to take a structured approach to make their employees cloud-ready. So, how do you build a cloud-native organisation? Here are three phases:

Phase 1: Educate the right way

Training is effective only when it is done in the right way. Rather than taking a holistic approach to teaching, it’s a good idea to design a curriculum for every job role. Each curriculum should include sessions designed to develop a department’s skill-set. Also, there may be certain topics that address skills that are not vendor-specific. For example, Agile DevOps is required in application development, but it does not fall under an individual cloud provider.

Here, the right approach is a mix of both vendor-specific and vendor-neutral courses designed according to employee roles.

Phase 2: Apply immediately

Studies show that employees will forget 50% of what they learned within the two weeks following training. That’s just how the human brain works. You need to cement new skills by applying them practically to real-world applications right after the training has finished.

Phase 3: Growth assignments

Even if the best trainers in the world are working for you, you cannot provide your employees with everything.

Learning new skills is one thing and implementing them is another. Push your employees beyond their comfort zone. Let them absorb new information and apply it to their current assignments.

Create a shared responsibility model

“Cloud providers are expected to do some things, while your business is expected to cover other areas.”

– Gregor Petri, Research Vice-President at Gartner

The Shared Responsibility Model is one of the fundamental principles of cloud computing. Simply put, the concept defines the responsibilities of cloud vendors and customers within a cloud environment.

In order to strengthen security, cloud vendors usually take care of the host Operating System (OS), the virtualization layer, lower infrastructure layers, and the physical security of their facilities.

Definition of responsibilities by cloud service:

– Infrastructure as a Service (IaaS): The customer is responsible for the operating system of the virtual guest machines, the application layers, and the data (e.g., permissions, auditing).
– Platform as a Service (PaaS): Both customer and cloud provider are responsible for the application layer; the customer is responsible for their data permissions and auditing.
– Software as a Service (SaaS): The vendor manages the service; the customer/data owner is responsible for permissions, auditing, etc.

Protect valuable information

“Data is just data until it is analyzed and becomes information. The real value is in this information – and if this is compromised, then the business’ intellectual property is gone.”

– Clive Longbottom, Independent Analyst

With this quote in mind, it’s smart to create an information security strategy for the cloud. In fact, many companies are already integrating technologies like data leak prevention (DLP) and digital rights management (DRM) into their cloud-based systems. DLP and DRM strategies control access to information assets like intellectual property, regardless of the location. They can also be set up to ensure compliance and protect data in the cloud, on-premises, and at endpoints.

Conclusion

In the age of compliance governance and sophisticated breaches, protecting sensitive data is the biggest concern for CIOs and CEOs. Modernising cloud security for a successful transition into 2020 starts with these CIO best practices.

About the author

Rakesh Soni is CEO of LoginRadius, a provider of cloud-based digital identity solutions. The LoginRadius Identity Platform serves over 3,000 businesses and secures one billion digital identities.

© 2024 Professional Security Magazine. All rights reserved.