Our IT Executive Roundtables are invite-only events hosted by peers for peers that bring together a select group of senior IT leaders from across industries for topic-driven, intimate dialog on current trends and topics. The group met remotely to discuss cybersecurity staff turnover and burnout, led by the CISO of a leading children's hospital. This session was sponsored by Nasuni.
Cloud migrations are at the heart of many digital transformation efforts. Going cloud-first allows you to be more agile, efficient, and flexible. It also promotes collaboration and empowers you to build a remote global workforce. But what are some challenges people face while migrating their infrastructures to the cloud? How do you align your business objectives with your cloud initiatives? How does security fit into the picture?
At the start of the discussion, attendees talked about the benefits and challenges of expanding to the cloud. A CISO said that the elasticity and scalability of cloud platforms are the primary reasons people are moving to the cloud. A director of data analytics added that cloud platforms offer ease of use and portability. However, data security is a concern. A senior technology executive remarked that they are finding it hard to set granular access control policies for their cloud resources. A CSO told the audience that mitigating security misconfigurations and human error has been a major challenge for them. Multiple executives believed it’s hard to control costs on the cloud, making it challenging to perform financial forecasting.
A participant shared some questions you should answer when starting your cloud journey.
Answering such questions will equip you with the insights you need to deploy, secure, manage, and scale your cloud infrastructure.
Having a well-defined security policy for managing cloud environments is also essential. A speaker mentioned that they have compiled a list of minimum cloud security controls and implemented a way to validate configurations. When dealing with third parties, they enforce a shared responsibility model through a responsibility assignment matrix (RACI). All this has allowed them to improve their security posture.
A contributor stated that you can’t get cyber-insured these days unless you have a mature security program, a statement that resonated with other audience members. To determine your eligibility for a policy, insurance companies perform audits on your infrastructure and gauge your adherence to modern cybersecurity maturity models. Failure to demonstrate a high maturity level typically means you don’t get insured. In some ways, insurance companies are pushing organizations to become more security-conscious.
A speaker commented on the importance of having a clearly defined data retention policy. The key is regularly reviewing data and identifying files/objects that haven’t been used in a long time. If a file hasn’t been accessed for X years, schedule it for deletion, unless someone can justify the need to make an exception. Indefinitely storing large amounts of data needlessly increases your attack surface and total cost of ownership.