Governing cloud security and privacy in the enterprise is hard, but it’s also critical: As recently noted in a blog by Cloud Transformation Specialist Brooke Noelke, security and complexity remain the two most significant obstacles to achieving enterprise cloud goals. Accelerating cloud purchases and tying them together without critical governance has resulted in many of today’s enterprise security executives losing sleep, as minimally secured cloud provider estates run production workloads, and organizations only begin to tackle outstanding SaaS (Software as a Service) footprints.
For security professionals and leaders, the on-premise (or co-location) data center seems simple by comparison: Want to protect applications in the data center? By virtue of the fact that it has a network connection in the data center, there are certain boundaries and processes that already apply. Business unit leaders aren’t exactly standing by with a credit card, trying to load tens of thousands of dollars of 4U Servers, storage racks, and a couple of SAN heads and then trying to expense it. In other words, for a workload in the data center, certain procurement controls must be completed, an IT review established, and implementation steps forced before the servers “light up”—and networking gates must be established for connectivity and publishing.
When it comes to the cloud, however, we’re being asked to fulfill new roles, while continuing to serve as protector of all the organization’s infrastructure, both new and existing. Be the rule setter. Contribute to development practice. Be the enforcer. And do all of this while at the same time making sure all the other projec ..
Support the originator by clicking the read the rest link below.
