August 15, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Securing the cloud isn’t rocket science – it just requires a little extra knowledge. While it’s tempting to think of the cloud as a new frontier in computing (and, in some ways, it is), cloud security solutions have been around for almost as long as the cloud itself. The trouble is that most organizations don’t know how they should think about cloud security in the first place. ... A good starting point for many organizations is simply evaluating how effective their existing cloud security is. It isn’t enough to implement security solutions – even if they’re the right solutions. It’s also important to know that they are functioning as intended. Today’s organizations have more testing and validation tools at their fingertips than ever, and conducting breach and attack simulation, automated red teaming, and other exercises can lay bare where vulnerabilities and inefficiencies exist. Recent testing reveals that the basic security suites offered by the leading cloud providers are not enough to detect all – or even most – attack activity, highlighting the areas where organizations need to implement new protections and providing insight into what additional solutions may be necessary.
To better understand cloud waste, we need to understand the iron triangle of project management, which states that there is always a tradeoff between speed, quality, and cost. If you want to deliver a quality product/feature quickly, it will cost you more. Businesses are always trying to innovate and deliver continuous value to their customers. Often, it means putting pressure on the delivery teams to improve time to market. As an effect, there is the over provisioned capacity of resources; multiple resources that were provisioned to validate theory or concept were not deleted as the teams moved on either delivering the accepted solutions or to another project assignment. This is one of the major factors of cloud waste. ... Since you pay for each resource provisioned in the cloud, managing cloud waste becomes critical, as it directly impacts your business’s bottom line. CFOs and finance teams struggle to manage the forecast and budget for cloud spend as they never know what capacity is wasted in the cloud, and there is no good way to review it regularly.
The flexibility of the NaaS model allows businesses to experiment with new technologies and use cases without the risk of large, upfront investments in hardware and expertise. This is particularly valuable as emerging technologies like AI and edge computing become more prevalent in enterprise environments. ... The potential benefits of Campus NaaS are significant and organizations must carefully evaluate potential NaaS providers. Standards-based solutions ensure interoperability between different NaaS components and service providers allowing businesses to seamlessly integrate NaaS solutions from various vendors without compatibility issues. Security capabilities, and long-term roadmaps should also be considered. Campus NaaS is poised to play a pivotal role in shaping the future of enterprise networking, enabling businesses to build the agile, high-performance foundations needed to thrive in an increasingly digital world. As the technology continues to evolve and mature, we can expect to see even more innovative use cases and deployment models emerge, further cementing the role of Campus NaaS as a cornerstone of modern enterprise IT strategy.?
领英推荐
For IT architects and security teams, the joint challenge here is actually one of the oldest ones in IT – knowing what you have. Getting an accurate inventory of all your software assets and components is a hard task on one platform, let alone across internal datacenter deployments, web applications, public cloud implementations and modern cloud-native applications. Keeping this inventory up to date is harder still, given how much change will take place over time across the entire application estate. Alongside this inventory, there are other factors to consider. Not all applications are created equal, and an issue in an internal web application that is used by a few people every month will not be as important as a critical vulnerability in a business application that is responsible for generating revenue every day. Yet both of these applications may have a flaw, and alerts sent to request fixes or updates get made. Internal processes and workflows will also affect the situation. While security teams might spot potential issues in an application or software component like an API, they will not be responsible for making the change themselves.?
Resistance to transformation has several causes, Dewal says. First off, many logistics professionals already feel slammed, and don’t welcome the idea of new work. “It can feel like an add-on, creating competing priorities,” she says. Then there’s a fear-based resistance to the perceived complexity of the new tasks involved. “It’s too complex and we don’t have the right skill sets to be able to execute on them,” she says, describing this mindset. “Collectively, let’s call it the fear of failure, of getting it wrong.” Finally, there’s the familiar human tendency to prefer sticking with the status quo. “That can hide variations underneath it,” Dewal says. “Sometimes the team is not even sure why the transformation is needed. Sometimes, they feel like they’re not getting enough support in terms of executing it.” Further, the survey dug into two types of resistance – productive and unproductive. Productive resistance is the type that comes from on-the-ground knowledge and expertise that relates to the implementation itself. ... Leaders who avoided a top-down, change-or-die approach, and instead focused on communication and collaboration, had much better chance of success, the survey found.
In information security, where risk is widespread, attacks are becoming increasingly sophisticated, and so much is on the line, one defining attributes of successful CISOs is their courage. The good news is, courage is a muscle that can be developed just like any other. It’s also a mindset. The CISOs on this panel described various internal motivators that keep them in the game, resilient, and adaptable, even in the face of daunting challenges. They made it clear that it’s a lot easier to be courageous when you’re driven by a love for what you do and maintain a clear line of sight to the impact you’re making. One of the common threads is their focus on “moments of truth,” those points of contact between cybersecurity and various stakeholders. Leaders who are intentional about this find they’re better able to see around corners and show up more strategically as business enablers. Rodgers says it’s a lesson she learned in the early days of her career when she worked on a help desk. Fielding complaints all day takes its own kind of courage. “But the beauty of it is, you get to know people and how they work,” she says. “I got to a point where I could anticipate what they were going to want, so I started proactively providing those things. ...”