search

Whose responsibility is IT to ensure that customer and organization sensitive information is not distributed to anyone IT should not be?

1 Jahrs vor
Kommentare: 0
Ansichten: 22

We live in the era of cloud computing. Consumer and business computing has been severely influenced by the emergence of cloud computing and cloud security

Show

We live in the era of cloud computing. Consumer and business computing has been severely influenced by the emergence of cloud computing – and cloud security has become an enormous issue for individuals and businesses alike.

We all know about data breaches from constant media reporting. Most of us have been impacted by a cloud security issue, whether we realise it or not. To understand why cloud security continues to be an ongoing issue, we must understand who is responsible for cloud security.

Who is responsible for cloud security?

 Corporations make a mistake in believing that when they migrate to the cloud, the responsibility of cloud security automatically shifts to the cloud provider. Users presume their company policy will keep them safe. Customers assume they can use the same password for every SaaS account they have, without ill effect. They are all wrong.

We must note that cloud security is the entire ecosystem of people, processes, policies and technology that serve to protect data and applications which operate in the cloud. The responsibility here is a shared one; shared between the organisation, the cloud provider, and all its users. While data can be safe in the cloud, everyone with access to that data affects whether it remains safe. Cloud security must be everyone’s responsibility.

Is the need for cloud security on the increase?

There is a growing need for better cloud security as companies are obligated to protect organisational data; both their own data and data that belong to customers. High-profile data breaches have spurred businesses to look at and manage their cloud security proactively. However, as businesses ups the ante on cloud security, hackers are also becoming more sophisticated.

The main question is not whether the cloud is secure; it is whether your business is using the cloud securely. To complicate matters, the security downsides of the cloud are directly related to its benefits.

On average it takes businesses 287 days to detect a breach, and 80 days to contain it.

Stay a step ahead of the hackers with a continuously evolving cybersecurity strategy, and round-the-clock monitoring of your business assets and systems.

5 benefits and security downsides of cloud computing

  1. Reliability

Cloud computing makes backup, disaster recovery and the continuity of business less expensive and easier. The ability to mirror data at several sites allows for redundancy and increases reliability as a result.

Cloud Security Downside: more data spread across more locations leads to increased opportunities for error and breaches.

  1. Productivity

Data centres that are owned and operated by an enterprise require hardware, software and all associated IT management. Cloud computing removes the need for most of this, allowing IT teams to spend time on achieving more important business goals.

Cloud Security Downside: many businesses no longer employ IT professionals to oversee basic computing tasks, allowing sloppy password management and poor account security to creep in.

  1. Speed

Cloud computing services are generally consumed on-demand, in a self-service format. This allows for large amounts of computing resources to be provisioned rapidly. The ability to do so with a few clicks of the mouse gives a business a lot of flexibility and allows for better capacity planning.

Cloud Security Downside: rapid data transfer benefits attackers as well as users and developers. Entire customer databases have been stolen from cloud-based applications without their sysadmins even becoming aware.

  1. Cost

Cloud eliminates the capital investment required to procure hardware and software. It also removes the need to set up and run on-site data centres, including costs associated with power, cooling, IT expertise etc.

Cloud Security Downside: some cloud services are so cheap, they are purchased and run with little process or scrutiny, often by people or departments with no security expertise.

  1. Scale

The benefits of cloud computing include the ability to scale. In other words, the ability to deliver the right IT resources (less or more computing capability, less or more storage etc, at the right time, to the right location, and from the right location.

Cloud Security Downside: applications can quickly scale to take on more users, which can very quickly lead to dangerous amounts of personally identifiable information sitting on cloud servers that may not have been built to protect against attack.

Threats to cloud security

The reality is, that no matter how sturdy your architecture is, cyber attackers find loopholes to get into the infrastructure. Everyone who wants to maintain the security of their data in the cloud must be aware of the main threats to cloud security:

  • Account hijack one of the biggest IT threats that compromises credentials.
  • Insider threat – a violation that happens as a result of employees, e.g. an employee misusing authorised access.
  • Malware injection – codes or scripts used for malicious activities.
  • Abuse of cloud services – storing of illegal software in the cloud, e.g. pirated music and videos.
  • Insecure Application Programming Interfaces (APIs) – the means to customise the features of the cloud, which can become vulnerable through its authentication or encryption requirements.
  • Denial of Service (DoS) – cyber-attacks that, although not breaching sensitive information, has long-term effects of making servers unavailable.
  • Data breaches – with the cloud, this is amplified.
  • Insufficient due diligence – cloud security is compromised when there is inadequate owing diligence done when organisations aren’t clear about their policies.
  • Shared technology issues.

The documented incidents of cyber-attacks have demonstrated how businesses often cannot recover reputationally and sometimes financially from such a hit. The return to compliance can usually cost millions, but the loss of confidence from shareholders and customers is unquantifiable. Mitigating such risks of any suspicious activity by employing the best cloud security practices is critical for corporations.

Sharing cloud security responsibility with vendors

Businesses must take responsibility for ensuring that their data is secure. However, with a cloud vendor, it becomes a shared responsibility. Enterprises distribute cloud-based applications among varying environments, which dictate the level of responsibility organisations possess in data protection.

  • Public cloud – the cloud vendor owns infrastructure with the business retaining ownership of the data and virtual network. Responsibility for security is shared.
  • Private cloud – the cloud is hosted in an enterprise’s data centre with the sole responsibility of security vested in the corporation. The business is responsible for the protection of its infrastructure, as well as the applications and data that run on it.
  • Software-as-a-Service (SaaS) – cloud vendor hosts applications and makes them available to businesses via the internet. Users have instant access to documents without the inconvenience of installing applications on personal devices, and synchronising data across many devices. SaaS dictates who is responsible for which specific security tasks.

Whatever the choice of infrastructure, the cloud vendor will not secure customer data, which falls in the domain of the organisation’s responsibility. Regardless of whether businesses choose a public or private cloud, the reality is that every business and individual is at risk of a breach. Ensuring cloud security and safeguarding data is a non-negotiable business practice. Corporations must ensure they work closely with their cloud providers, treating the relationship as a partnership and not solely as a service. Vetting the details of the service offered by the cloud provider allows the business to consider any loopholes.

The shared responsibility model

Cloud providers follow the shared responsibility model with businesses closing the loop on security and compliance. This model allows the cloud provider to take responsibility for the security of the cloud environment while the organisation takes responsibility for security IN the cloud. This matrix of responsibility eliminates single points of failure and achieves higher security. Sharing the responsibility of cloud security reduces the day-to-day operational responsibility for the enterprise and ensures holistic compliance.

Organisations are responsible for the:

  • Platform, identity and access management
  • Applications
  • Operating system
  • Network traffic encryption, server-side encryption and data integrity

Cloud providers are responsible for:

  • Compute, database, storage and networking
  • Availability Zones
  • Edge locations

Gartner reported recently that within the next five years, approximately 95% of cloud security failures would be attributed to default within organisational security. Having a clear understanding of the responsibilities and roles of both parties in the shared responsibility model is vital. The business needs to ensure that the cloud provider’s security standards are acceptable based on the enterprise’s industry, company requirements, regulations and risk profile.

The future of cloud security

As businesses become agile, they will use cloud computing even more for at least one application and related data. Cybercrime equally continues to rise, and organisations cannot risk storing vital data on unsecured servers as the penalties from a data breach can be exorbitant. The only way to mitigate such risks is a substantial investment in cloud security to ensure you protect enterprise data from data breaches. Additionally, it is crucial to recognise that there is a digital symbiotic relationship between cloud security and compliance. The structuring of regulations means that one cannot exist without the other. Whether state, federal or internal, businesses are obliged to remain regulatory compliant.

Every modern business understands that it is a commodity to protect cloud infrastructure because the real asset of any business is the data you share in the cloud. The frequency of cyber-attacks is increasing, and many companies are resorting to hiring cloud security experts to discover and track any security problems pre-emptively.

The First Step is Crucial. Start with a Cybersecurity Assessment

Where are you at your cybersecurity maturity journey? Get an assessment of your current security posture and identify the gaps and challenges that you need to act upon.

Whose responsibility is IT to ensure that customers and organizational sensitive information is not distributed to anyone IT should not be?

While the organization is responsible for securing confidential information, should there be a breach, it is the chief adminis-trator who sits in the "hot" seat.

Who is responsible for information security at the organization?

A company's CISO is the leader and face of data security in an organization. The person in this role is responsible for creating the policies and strategies to secure data from threats and vulnerabilities, as well as devising the response plan if the worst happens.

Who is responsible for protection of customer data?

Consumers say the responsibility for data security is on the business operating the service.

Who is responsible for data breach?

Data owners are held responsible for data security. For this reason, they are usually considered liable for breaches. Of course, the data owner may be able to argue that they did everything required of them to ensure the security of the data.

responsibility ensure customer organization sensitive information distributed Security policy Data privacy Personal data protection Information security policy

zusammenhängende Posts

Which of the following group of people are regarded as the interested group towards social responsibility of business?
Which of the following group of people are regarded as the interested group towards social responsibility of business?

What is the responsibility of the Office of the National Coordinator ONC for health information technology?
What is the responsibility of the Office of the National Coordinator ONC for health information technology?

Which of the following organizations has the overall responsibility for food safety regulation in the United States quizlet?
Which of the following organizations has the overall responsibility for food safety regulation in the United States quizlet?

Which of the following is not an example of a philanthropic social responsibility initiative
Which of the following is not an example of a philanthropic social responsibility initiative

According to analysts, who must take chief responsibility for educating employees about ethics?
According to analysts, who must take chief responsibility for educating employees about ethics?

Which of the following practices adds tasks that increase both responsibility and opportunity for growth?
Which of the following practices adds tasks that increase both responsibility and opportunity for growth?

What is the responsibility of Western countries toward the economic development of developing countries?
What is the responsibility of Western countries toward the economic development of developing countries?

The process of starting, organizing, managing, and assuming the responsibility for a business.
The process of starting, organizing, managing, and assuming the responsibility for a business.

Who has responsibility for the control and prevention of infection in a healthcare environment?
Who has responsibility for the control and prevention of infection in a healthcare environment?

Which model of corporate social responsibility considers business a citizen of the society that it operates in?
Which model of corporate social responsibility considers business a citizen of the society that it operates in?

Werbung

NEUESTEN NACHRICHTEN

Borderline wer ist schuld
1 Jahrs vor . durch LunarLine-up
Wer hat mich auf Instagram blockiert
1 Jahrs vor . durch IncipientHeader
Wie geht es dir was soll ich antworten?
1 Jahrs vor . durch SolubleAuthority
Kind 1 Jahr wie oft Fleisch
1 Jahrs vor . durch ThirstyRepublic
Was müssen Sie bei der Beladung von Fahrzeugen zu beachten?
1 Jahrs vor . durch WaxedHeadquarters
Schütz Die Himmel erzählen die Ehre Gottes
1 Jahrs vor . durch ExtrinsicSaucer
In planning an IS audit, the MOST critical step is the identification of the
1 Jahrs vor . durch SteepPanther
Wie lange darf eine Kaution einbehalten werden?
1 Jahrs vor . durch SeasonalBanjo
Sarah connor nicht bei voice of germany
1 Jahrs vor . durch FloridIceberg
Kann man mit dem Fachabitur Jura studieren?
1 Jahrs vor . durch PolarIndecency

Werbung

Populer

Werbung

Um

Legal

Hilfe

Sozial

homeendefrjpkoptzhhiitthtr
Urheberrechte © © 2024 ketiadaan Inc.