CIO & LEADER-Issue-01-April 2018 (1)

More documents

Recommendations

Info

Security 1 In 4 Organizations Using Public Cloud Has Had Data Stolen As per the security report, poor visibility is found to be one of the greatest challenges to cloud adoption in organizations By CIO&Leader P Poor visibility is one of the greatest challenges to cloud adoption in an organization, according to McAfee’s Navigating a Cloudy Sky: Practical Guidance and the State of Cloud Security report. Across all industries, computing storage and asset protection are transitioning to the cloud, making it difficult for IT practitioners to see what is ahead. This uncertainty and lack of visibility to new environments are causing some executives to move slowly or stick to their known paths, while others move boldly ahead. “Despite the clear prevalence of security incidents occurring in the cloud, enterprise cloud adoption is pressing on,” said Rajiv Gupta, senior vice president of the cloud security business unit, McAfee. “By implementing security measures that allow organizations to regain visibility and the control of their data, businesses can take advantage of innovative services and accelerate their business with a more informed approach to security in the cloud.” Cloud Services Nearly Ubiquitous Almost all organizations are well into cloud adoption. According to the survey, 97% of worldwide IT professionals are using some type of cloud service and are concurrently working through issues 34 CIO&LEADER | April 2018
Security related to visibility and control. The combination of public and private cloud is also the most popular architecture, with 59% of respondents now reporting they are using a hybrid model. While private-only usage is relatively similar across all organization sizes, hybrid usage grows steadily with organization size, from 54% in organizations up to 1,000 employees, to 65% in larger enterprises with more than 5,000 employees. Cloud-First is the Strategy of Most Organizations, but in Cautious Decline Cloud-First is an information technology strategy that states new projects should consider using cloud technology first as opposed to on-premises servers or software. According to the report, Cloud-First is the strategy for IT in many companies and remains a primary objective. Caution seems to have taken over for others, as the number of organizations with a Cloud-First strategy dropped from 82% to 65% this year. Despite the reported security incidents, respondents with a Cloud- First strategy still believe that public cloud is safer than private cloud. Sensitive Data Stored in the Cloud The majority of organizations store some or all of their sensitive data in the public cloud, with only 16% stating that they store no sensitive data in the cloud. The types of data stored run the full range of sensitive and confidential information. Personal customer information is by far the most common, reported by 61% of organizations. Around 40% of respondents also store one or more of internal documentation, payment card information, personal staff data or government identification data. Finally, about 30% keep intellectual property, healthcare records, competitive intelligence and network pass cards in the cloud. Managing the risk of storing sensitive data in the cloud means ensuring the organization has visibility to it. A focus on fundamental governance and technological steps, such as requiring departments and personnel to participate in asset identification, classification and accountability helps build visibility. Data Loss Prevention integration with cloud providers, including the use of Cloud Access Security Brokers, manual or automated data classification and other technology steps, will help reduce the risk of sensitive information flows to and through cloud services. Security Incidents Still Widespread Prominently, one in four organizations that uses IaaS or SaaS has had data stolen, and one in five has experienced an advanced attack against its public cloud infrastructure. As organizations prepare for the European Union’s General Data Protection Regulation (GDPR), slated for May 2018, they will be ramping up compliance efforts. Organizations that are more confident in the ability of their cloud providers are more likely to have plans to increase their overall cloud investments in the coming year, while those less confident plan to keep their investments at the current level. Fewer than 10% surveyed, on average, anticipate decreasing their cloud investment because of GDPR. Malware continues to be a concern for all types of organizations and 56% of professionals surveyed said they had tracked a malware infection back to a cloud application, up from 52% in 2016. When asked how the malware was delivered to the organization, just over 25% of the respondents said their cloud malware infections were caused by phishing, followed closely by emails from a known sender, driveby downloads and downloads by existing malware. Respondents with a cloudfirst strategy still believe that public cloud is safer than private cloud Skills Shortage Decreasing The shortage of cybersecurity skills and its impact on cloud adoption continues to decrease, as those reporting no skills shortage increased from 15% to 24% this year. Of those still reporting a skills shortage, only 40% have slowed their cloud adoption as a result, compared to 49% last year. Best Practices and Recommendations Based on findings from this year’s study, the report concludes with three best practices that all organizations should actively work towards: DevOps and DevSecOps have been demonstrated to improve code quality and reduce exploits and vulnerabilities. Integrating development, quality assurance and security processes within the business unit or application team is crucial to operating at the speed today’s business environment demands. Even the most experienced security professionals find it difficult to keep up with the volume and pace of cloud deployments on their own. Automation that augments human advantages with machine advantages, such as that found in tools such as Chef, Puppet or Ansible, is a fundamental component of modern IT operations. Multiple management tools make it too easy to for something to slip through. A unified management system across multiple clouds with an open integration fabric reduces complexity April 2018 | CIO&LEADER 35
Page 1: Column Cambridge Analytica Case: Lo
Page 4 and 5: Column Cambridge Analytica Case: Lo
Page 6 and 7: around thetech WhAT CIOs are tired
Page 8 and 9: Around The Tech Flip the Cart matte
Page 10 and 11: COLUMN By Mohua Sengupta Is Hashgra
Page 12 and 13: COLUMN By Shyamanuja Das Cambridge
Page 14 and 15: Cover Story 12 CIO&LEADER | April 2
Page 16 and 17: Cover Story According to Gartner's
Page 18 and 19: Cover Story The Rise of the B2B sta
Page 20 and 21: Cover Story Collaborating with a st
Page 22 and 23: FACE OFF // Is ROI becoming outdate
Page 24 and 25: POINT OF VIEW: Ctrl-S “Over 200 i
Page 26 and 27: insight Companies Are Going To Spen
Page 28 and 29: Insight Blockchain’s Red Hot Indi
Page 30 and 31: Insight Exchange in March 2014. Bas
Page 32 and 33: Insight Bot Seriously! Virtual assi
Page 34 and 35: Insight And You Thought Security Is

CIO &amp; LEADER-Issue-01-April 2018 (1)

Create successful ePaper yourself

Delete template?

Save as template?

CIO & LEADER-Issue-01-April 2018 (1)