Resilience within Modern Security Architectures - My Point of View
Joao Paulo Sevegnani
Cybersecurity Innovator at Microsoft | CCSP-Certified Cloud Architect & Trusted Thought Leader | Driving Security, Compliance & Identity Transformation for 41k+ Professionals
This is my personal point of view on Avanade's white paper, produced in collaboration with IDC.
Get the full report here: BUILDING RESILIENCE INTO MODERN SECURITY ARCHITECTURES. (Authors: Duncan Brown, Christina Richmond, Denis Maslennikov and Claudio Stahnke, September 2021).
Digital transformation projects have accelerated the migration to and adoption of cloud environments in an unpredictable way over the last year. With our workforces moving to remote locations, and assuming that this scenario will be the “new normal”, change and new technology implementation are now at an unprecedented level in the majority of organisations.
Usually, security is the main challenge to achieving success in a cloud implementation project. This relates to a lack of maturity in security and cloud, and to the fact that many organisations have not yet established a cloud security strategy. These factors can add cost and complexity to the cloud migration or implementation project, since we often have to go back to completed or in-production projects and redesign components and resources to comply with the strategy and policies once a framework is defined.
What is the big picture? Organisations do not have all the skills required to create the strategy (Cloud and Cloud Security), develop a framework and implement cloud projects at this moment, and looking ahead, this scenario could become even more critical in the years to come.
How to Embrace Change and Become More Resilient?
1. Prepare data and workloads for cloud migration and management
We must create a Journey to the Cloud strategy that suits our business and, with that framework, decide the best approach for the workloads we will migrate to the cloud. The criteria to “go” or “not to go” to a cloud environment should consider not only the economic aspect of the solution; efficiency and regulatory topics are also part of the process.
2. Match cloud-based resources with cloud-based access controls and security
A new environment (cloud) requires a new set of skills and tools. The concerns around cloud resources are vulnerabilities and misconfiguration. Vulnerability management and patch management play a key role in this scenario, but configuration errors take the most important slice of the cake at this point. That’s why we need to review processes, skills, and tools in order to prepare them for a new reality.
3. New regulatory and compliance obligations which come with cloud
The shared responsibility model is key to understanding and applying the management matrix for cloud environments. We need to implement or reinforce security assessments for any third-party solutions, software / services, interfaces, etc., to guarantee we are compliant with company policies and with regulatory requirements.
4. Emphasise a business risk-based approach
Lines of business are ruling the IT budget in ever more organisations nowadays, and every new technology introduces new security risks and concerns. Executives need to be aware of their role in creating digital resilience in this changing scenario. The challenge is to balance new technologies against the size of the risk we have to take.
5. Build a protected remote working space
Work is not a place; it is what we do and produce. We need to have the same level of protection no matter where the users are. Remote locations are the “new normal” for workers, and we need to apply company policies and security controls in order to protect access (identities), devices and the most valuable asset: data.
What's next? Time to Rethink
Journey to the Cloud and Cloud Security are not new topics. The new factor since last year has been the lack of time to develop and execute a strategy to migrate core systems to new infrastructures - Cloud - while designing new security models in an accelerated way (a short timeframe due to the pandemic). Now is the right time to Rethink security strategies to better respond to future challenges and volatility.