Suddenly our world is more complicated. Cloud apps, cloud infrastructure, gig economy IT staff across multiple continents. Add cyber security and compliance requirements… Arghh! We can help, so read on.
At its most basic, if you use a cloud computing supplier then, depending on your contract, you may find that your data can be moved from one country to another at your supplier’s convenience, or that the levels of IT security protecting their different data centres in different countries may vary. Your data and apps will also be under different laws depending on location, which may, for example, allow a government agency to inspect your data as it crosses their borders. This can complicate matters for your own IT security compliance strategy and may also impact customer relationships, especially if you have international or public sector customers.
Different and more sophisticated security measures are needed for both IT infrastructure and applications if you use cloud computing resources. Are your existing staff and consultants using the right techniques? Pen test approaches, security architecture and compliance may all need to be reviewed if you incorporate SaaS (software as a service) or IaaS (infrastructure as a service) into your environment.
Similarly, the gig economy (or outsourcing, if you will) can create cyber security wrinkles. Consider contract developers who bring their own laptops. How do you ensure that these laptops are clean and that any open source modules the contract developers use are from trusted sources? It can be hard to apply consistent endpoint security measures to devices owned by an employee or contractor, for obvious reasons.
We’ll be exploring these topics in much greater detail in a series of blog posts. Topics will include governance and compliance, privacy, forensics and incident response, security event monitoring, pen testing, threat and risk assessment approaches and application security.