Security and Compliance as a Competitive Advantage

Before we talk about turning cloud security to your advantage, let’s try to understand:

  • What are the market trends?
  • Definition of competitive advantage
  • What happens after you have been attacked?
  • How to build cloud security into your organization’s DNA?

Market Trends

Call this a cloud security weather report.

  1. Organizations, big and small, are embracing cloud like there’s no tomorrow.
  2. Business units are trying to cope with rapid release cycles all around them.
  3. Even with organizations using cloud for a couple of years now, cloud security practices are at best nascent.
  4. Cloud security professionals (good, average or bad) are not available to hire.

A Few Predictions

Let’s throw in a few predictions as well…

      • Most businesses don’t recover from a cyber attack
      • Security failures happen through the customer’s fault, mostly due to not understanding the cloud’s shared responsibility model

 

Through 2020, 95 percent of cloud security failures will be the customer’s fault

– Gartner

Source: Gartner Reveals Top Predictions for IT Organizations and Users for 2016 and Beyond, October 2015, http://www.gartner.com/newsroom/id/3143718

What is ‘Competitive Advantage’?

An excerpt from Investopedia:

“Competitive advantages are conditions that allow a company or country to produce a good or service at a lower price or in a more desirable fashion for customers. These conditions allow the productive entity to generate more sales or superior margins than its competition. Competitive advantages are attributed to a variety of factors, including cost structure, brand, quality of product offerings, distribution network, intellectual property and customer support.”

From <http://www.investopedia.com/terms/c/competitive_advantage.asp>

 

What happens after you have been attacked?

Let’s see what our friends at Deloitte say. A picture is worth a thousand words.

Boiling it down to its essence…

“Most businesses don’t recover from a cyber attack”

 

Source: https://dupress.deloitte.com/dup-us-en/deloitte-review/issue-19/loss-of-intellectual-property-ip-breach.html

How to build cloud security into your organization’s DNA?

Well then!

How do you embrace cloud security wholeheartedly and get a one-up on your competitors?

Here’s the mantra you could chant:

“Start early, do it once, rinse and repeat, keep evolving!”

Cloud Security Approach

 

1. Make Security part of your design

Enterprise architects and IT directors should start incorporating security and compliance into the architecture and design artifacts. Let them think end-to-end about security architectures, all the way from the how-to (reference architectures), through the who-should (draw up a charter including everyone), to the when-to (continuous).

2. Train your Business Units

Train and certify your core team members and champions from each business unit on the core security principles:

      • Confidentiality,
      • Integrity,
      • Availability

The more the merrier. Get them hands-on and ask simple questions (the answers may be difficult, but that’s good). For example, ask them how many applications, systems, ...

      • Are fully patched?
      • Which applications are not, and who is the owner?
      • Where does data reside? What are the data-at-rest policies?
      • Who has access? And so on.

3. DevOps, DevOps, DevOps

Much has been said about DevOps. I won’t go into details, but will just say this instead…

SecOps is good, but incorporating security into your DevOps toolchain is much better.

DevOps is continuous, and so should be your focus on security.

4. Continuous GRC Monitoring

Your leadership team should get involved by making security a KPI across the organization. Start to:

      • Talk about how many BUs have adopted security architectures
      • Ask for DevOps reports (patching, vulnerabilities, continuous audit reports, etc.)
      • Incentivise team members to become champions of security
      • Reward them for reporting and thwarting attacks

What do you think? Does this help?

 

 
