CIO & LEADER-Issue-10-January 2018 (1)
The cover story on CIO&Leader's January issue is a dive into the skills that CIOs are going to develop and hire in 2018
Column
as a data center. Whether cloud or on-premise, organizations have to deal with human error, malicious breaches from internal and external sources, as well as system glitches. The massive amounts of data located on shared cloud servers always entice criminals. Things get a lot more complicated when a multitude of mobile devices are used in organizations.
With increased sophistication of threats, cloud security is becoming even more dynamic as it evolves. Organizations continue to be responsible for security, privacy and compliance even when under different cloud service models. The need for consistent policies, password rules and specialized data encryption methods has never been greater. Both the organization and the CSP have roles that vary in scope, but then both also have different levels of responsibility that encompass the entire gamut of operations—from data classification, endpoint protection, identity and access management, application and network level controls, to host and physical security.
There are clear boundaries defined and responsibilities identified for organizations and CSPs. For instance, in both on-premise and cloud models, the organization is responsible for ensuring that the data is classified and encrypted in compliance with the regulatory obligations. In the case of endpoint devices, CSPs may facilitate the management of these devices by providing secure device management, mobile application management, and PC management capabilities; however, the responsibility of implementing the security solution again lies with the customer organization.
Who is responsible for a breach?
There is no question about who is responsible when a breach occurs. For businesses, the vital consideration in securing the infrastructure and data relates to where the CSP’s responsibility ends and the organization’s begins so that a breach does not occur in the first place. This means that while the provider is responsible for protecting the hardware, software, physical facilities and other aspects involved with running the cloud services provided, businesses maintain control over a number of key security measures.
Some key security measures for
January 2018 | CIO&LEADER