FINAL WORD

What do CIOs / CISOs need to know about cloud security to confidently navigate the complexities of their cloud environments and protect sensitive data ? Three industry experts give us their views .

John Allison , Director of Public Sector , Checkmarx

Modern cloud environments are a double-edged sword when it comes to security , especially the protection of information . Security was much simpler when you could walk into your data centre , and in front of you were rows and rows of hard drives with your data . The downside was that it was your data centre , and you were responsible for everything , including security .

The first step in protecting sensitive data is agreeing on what sensitive data is . To quote the old saying , ‘ if everything is a priority then nothing is a priority ’. The same goes for protecting data . CIOs must work with the stakeholders to aggressively narrow what is defined as sensitive to that data , that if released will cause significant harm to the company , either reputationally or financially .

The next challenge is to agree on what the minimum security measures are required to protect that data . For some industries , there are compliance standards to support this , for others , this may fall under the ambiguous term of ‘ best business practices ’. Now comes perhaps the most difficult part of this journey , to find where the sensitive data is stored .

As the CIO finds the data , they can assess the security against the requirements .

From here , a CIO can start making risk-based decisions on the prioritisation of addressing the holistic data security posture to including the CIO ’ s cloud environments . It is likely that at this point , the data is scattered across the CIO ’ s development and production environments which are on top of one or more of the major cloud providers and scattered across multiple third-party cloud services .

76 INTELLIGENTCIO EUROPE www . intelligentcio . com