Our readers often comment on the difficulty of getting management to address information security as more than a critical component of the Information Technology department’s business continuity planning process. In treating it that way, management fails to realize that ownership of information security belongs to everyone and every department in the organization, especially since failure to enact information security controls in any single part of the quality management system and control process can well cause economic penalties beyond the organization’s ability to survive them.
Cybersecurity issues and all of the dynamics of moving to cloud computing play an important part in the total process of controlling information security in any organization. Has your organization decided to move some or all of its core IT operations to the cloud? If so, does your company realize the risks surrounding what it may consider to be simply a major cost reduction effort? Has it performed a what-if business impact analysis for best case / worst case scenarios where disruptive events may affect both the potential for information security breaches and the levels of operational resilience of your company?
Moving more and more IT operations to a cloud environment seems to be more and more of a suggested strategy for protecting against these potential areas of threat and risk, especially for small and mid-sized companies. If we assume that to be the case, then a strong area of consideration for moving to the cloud is an evaluation of maintaining at least current levels of compliance for your organization, let alone keeping up with the constant change in requirements that comes with every organization’s attempts to remain compliant with the requirements of its target market as well as the federally regulated requirements coming from the countries in which it does business.
It is with this point in mind that our staff recommends reading an article written by Joseph Granneman, CISSP, recently posted in the electronic version of the Information Security magazine, and entitled “Staying Compliant in the Cloud”.
In this article, Mr. Granneman states “…the cloud computing revolution is upon us. It is impossible to ignore the talk everywhere about potential uses and cost savings for this new style of computing. This new computing model also forces a shift in thinking about information security and privacy, as well as compliance. The policies and procedures that information security used in a client-server computing model need to be reviewed and overhauled. This is a new frontier for computing that comes with a new set of risks and organizations need to be prepared.”
We believe this is one of the better-written articles on this topic and that it should be required reading for all information security, network security compliance, data security and compliance risk management team members in your organization.
The better the protection against all information security related issues facing your organization and within your total business continuity planning process, the better prepared your organization will be to face those inevitable cloud computing challenges in the future.
Click here to read this full article. And, if applicable, please pass this information along to those business continuity, operational risk management or cybersecurity preparedness team members in your organization.