August 11, 2017
IT Leadership Group Meeting: Cloud Security
The mission of Think IT is “to foster professional growth and development through the power of networking and collaboration” and we did just that at last week’s IT Leadership Group meeting! We had individuals from several different organizations, throughout the Twin Cities, come together and discuss Cloud Security.
Thank you again to, Trevor Farnum, VP Information Systems at Data Recognition Corporation, for facilitating a collaborative session, and to Bryant Poush and Christopher Groshong, for being our “Cloud Gurus” and allowing everyone to pick your brains! Last but not least, thank you Cargill for your willingness to host our group!
What’s your risk profile? What data are you storing in the cloud? Do you have any compliance or contractual requirements? It is important to think about all of these questions and truly understand your organization’s risk profile.
The Cloud creates an elastic environment and it is important that you scale your security to best align with your organization. There are many products out there and it is crucial that you determine which ones will best meet your needs, because what works for one company may not work for the next! That is why it is very beneficial to hear and learn from other organizations on what has or hasn’t worked for them and then you can tailor your approach from there.
Solutions to the Dirty Dozen
What are your organization’s major concerns about Cloud Security? The “Dirty Dozen” probably comes to mind – account hijacking, malicious insiders, data breaches, data loss, just to name a few – but there are ways to hinder or prevent these concerns from occurring. Identity Management and Policy Enforcement, Encryption, and SaaS/PaaS were mentioned during the discussion and are solutions to the dirty dozen. However, it is important to remember that nothing is ever bulletproof; it was stated that it can be beneficial for teams to run through scenarios just in case one of the Dirty Dozen or a crisis occurs.
Remember, security should be everyone’s focus and should be shared across different teams. To share security, communication is key. It is vital to constantly and consistently communicate not only internally, but externally, to your clients/customers as well.
What approach is your organization taking on Cloud Security?