In many ways, 2020 was a banner year for IT in advancing digital transformation and modernization agendas. Businesses were forced to accelerate IT modernization plans to support work-from-home and continued operations during the pandemic. However, it was also a year of big headlines about bad actors hacking their way into the private sector, the public sector and individual accounts around the globe.
In this blog, we will refrain from the usual FUD and republishing of high-profile attacks. We are at risk of getting numbed by the constant reminders.
In 2021, according to Info-Tech, IT will continue to be in the spotlight as the critical function supporting the business. IT will need to focus on accelerating speed to value and thinking outside the box to confront what’s coming… [good and bad].
We all can appreciate the real value in protecting our assets, people and data. That may seem obvious, but less obvious gaps still exist between the enterprise security posture and our multi-cloud posture. These gaps come from a lack of alignment, from the differing methodologies of cloud shared responsibility models versus the enterprise posture, and from an ongoing shortage of supporting security skills.
Enterprise security postures need to be updated with thorough Multi-Factor Authentication (MFA), Single Sign-On (SSO) and Role-Based Access Control (RBAC) projects. It is not so easy to update policies, controls and documentation when there are differing approaches to security in our hybrid worlds. Treating each cloud as its own security snowflake also creates a big gap. Microsoft, AWS, Oracle, SAP, ServiceNow, Salesforce and the other SaaS providers each have their own better practices. This complicates matters and increases our risk when we think about things like vulnerability management and responses to threats.
For larger organizations with well-defined business continuity plans and business continuity management systems (BCMS), activation teams now need to add (if not already included) IT leadership as members when disruption occurs in its clouds. Yes, its clouds.
In 2021, until the issue raises its ugly head through bad actors’ attacks, there is still reluctance to allocate budget for alignment and remediation.
However, proactive planning, whether under the business continuity banner or as straight-up risk mitigation improvements, can improve reaction times and make the most of scarce security skills.
Here are three steps to delivering a Cloud/SaaS/Enterprise security alignment strategy.
1. Determine the Differences in Each Provider’s Approach
An assessment and gap analysis can quickly expose actionable areas for alignment, remediation and prioritization. It can also distinguish better from best.
2. Do a Security Posture/Policy Assessment (including all areas of your hybrid environment)
Policies generally lag in one or more areas of the combined Cloud/SaaS/Enterprise view. If they are not updated, this can affect controls assessments and can impact activations for business continuity.
3. Leverage Your Enterprise Security Posture
The enterprise security posture, policies and response plans are your best practice! Use these as your standard bearer for prioritization and remediation in Cloud and SaaS.