President, Cloud Security Alliance Canada Chapter
Looking to 2021 and beyond, cloud security will be a top-of-mind issue for CIOs and data-driven enterprises, which in today’s economy means all enterprises.
For 2021, security to and within the cloud remain top concerns for cloud consumers and CIO’s. As a reference, the research and advisory company Gartner indicates that 99 percent of threats into 2021 will likely be based primarily on IaaS and PaaS service delivery models. This is primarily due to a lack of familiarity with cloud security best practices. Businesses are moving significant amounts of their data into big data analytics tools that reside within public cloud, while developers continue to create more greenfield applications tailored to natively operate from the cloud.
Based on the rate of tech advancement, it’s likely that nothing is shifting quicker than cloud-based cybersecurity implications and priorities. As a result, it’s key for thought leaders and other stakeholders to provide some leading questions that cloud practitioners and IT management should be thinking about. One of the mandates for Cloud Security Alliance Canada Chapter is to provide general guidance on security best practices for various cloud technologies from a Canadian perspective. Here are some initial questions that might be posed to a CIO when they’re looking to draft or revise existing security policies:
The International Security Forum predicts a common IT attack vector in 2021 will be Internet of Things (IoT) devices and the use of ransomware. Given this, does your organization currently, or plan to, utilize connected devices? How would your organization address the scenario where at least one device is infected by ransomware?
State-level hacking and state-level actors can be extremely disruptive to both national governments and corporations. How does your organization plan to implement effective counter-measures to deny cyber-criminals system access while allowing routine business processes to function unaffected?
Big data as a technology itself doesn’t typically incorporate advanced security features because it relies on perimeter security frameworks. How is your organization ensuring your perimeter security is properly architected to provide maximum protection of organizational and client data?
To protect and receive benefits from a hybrid cloud implementation, organizations should plan to automate by leveraging templates (cloud implementation based on infrastructure as code). Automation provides repeatability and the capacity to share and validate. Automation also allows for a greater chance of compliance on an audit report. How does your organization’s cloud strategy incorporate automation planning for cloud resource orchestration?