Enterprise security is becoming an even more important, and more complex, topic of discussion than it already was, especially when an organization focuses mostly on preventing external security threats. That focus is somewhat like, as in the photo to the left, telling employees to keep the gate closed but ignore the cloud floating over the gate and the mobile devices walking around it.
But that doesn’t mean we need to build bigger and better gates. The more open business environment enabled by cloud and mobile technologies is here to stay, and it requires a modern data security model that can protect us from the bad without being overprotective to the point of inhibiting the good.
“Security controls cost money and have an impact on the bottom line,” Gideon Rasmussen recently blogged. Therefore, “business management may question the need for controls beyond minimum compliance requirements. However, adherence to compliance requirements, control frameworks, and best practices may not adequately protect sensitive or valuable information because they are not customized to the unique aspects of your organization.”
This lack of a customized security solution can also be introduced when leveraging cloud providers. “Transparency is the capability to look inside the operational day-to-day activity of your cloud provider,” Rafal Los recently blogged. “As a consumer, transparency means that I have audit-ability of the controls, systems, and capabilities that directly impact my consumed service.”
A further complication for enterprise security is that many cloud-based services are initiated as Shadow IT projects. “There are actually good reasons why you may want to take a hard look at Shadow IT, as it may fundamentally put you at risk of breaching compliance,” Christian Verstraete recently blogged. “Talking to business users, I’m often flabbergasted by how little they know of the potential risks encountered by putting information in the public cloud.”
In the science fiction universe of Star Trek, the security officers aboard the starship Enterprise, who wore red shirts, often quickly died on away missions. Protecting your data, especially when it goes on away missions in the cloud or on mobile devices, requires your enterprise security to be on red alert — otherwise everyone in your organization might as well be wearing a red shirt.