While new responsibilities and increased professional visibility for CIOs may seem daunting, the good news is that the new CIO role is much more than the head of IT maintenance. This is the takeaway from an article shared by Cynthia Stoddard of NetApp on the business benefits of moving to the cloud. Interestingly, the author, Shorenstein CIO Stuart Appley, advocates for removing pure operational costs from the equation. Even though costs may be lower in the cloud, the driving factors should be those listed in the bulk of the article: greater security, business focus, increased agility, and enabling innovation.

Unfortunately, perceptions and irrational fears can often win out over facts, according to HP’s Charlie Bess. Some companies categorically reject the idea of sanctioning cloud services because of an ungrounded reputation that the cloud is insecure. On the contrary, enterprise-ready cloud services can make investments in security that are unmatched by individual IT departments since their entire businesses are staked on their reputations as secure repositories for data.

Ryan Fay of ACI Specialty Benefits points out that securing employee cloud activity requires a concerted effort – and a new, data-centric strategy. Cloud usage contains two main security concerns: the vulnerability of data uploaded to cloud services and the exfiltration of data stored on-premises via the cloud. Even encryption of data in on-premises servers does not necessarily prevent the latter scenario, since hackers commonly infiltrate the corporate network with valid credentials. The first step is to gain visibility into cloud traffic. Denial is not an option: the average company uses 923 cloud services, ten times more than IT expects.

Brian Shipman of Heritage Auctions highlighted a nuance of securing data in the cloud: different types of data are stored across an array of disparate services. The ideal security strategy will bring security intelligence from all cloud services into a single unified platform, leveraging as many behavioral analytic vectors as possible. Cloud services do connect with each other via API gateways, and this point reflects another area of vulnerability. Services like Salesforce invest heavily in security, but third-party applications that connect to Salesforce may not have the same capabilities. Attackers can opt for the weakest link by targeting cloud systems of record in third-party applications that are often adopted by business users.

The Golden State Warriors celebrated their NBA championship on Friday, but cybersecurity lessons from the NBA’s Lebron James and Stephen Curry will be useful all season. Former Deputy White House CIO Dr. Alissa Johnson describes five tips that CIOs can take away from watching the NBA. For example, how are advanced persistent threats the “flagrant fouls” of the information security world? Is your incident response as well executed as a designed out-of-bounds play? The article is accompanied by an interview that also features FCC CIO David Bray.

The Definitive Guide to Cloud Security

In this ebook, we will dive into the details of a framework for managing cloud security.

Download Now