As organizations continue to embrace cloud computing, many are realizing that existing IT governance practices don’t always adapt to the more dynamic nature of cloud. As a result, many organizations struggle with these changes. Properly assessing, deploying, securing and managing cloud services is not a simple task — even when IT is doing it, much less when business units attempt it. Cloud security continues to be one of the most requested core topic coverage areas for the Security Technology and Infrastructure Initiative. This is due to the constant drive for organizations to move their infrastructure to the cloud, and security concerns are at the top of the list. An additional challenge with cloud security is there is a constant growth of technologies, strategies and new vendors.
Overall, IT is ideally suited to drive conversations about the risks of moving from traditional models toward more agile approaches, as well as how to best protect the organization as a whole — regardless of where technology is acquired and consumed.
There are multiple approaches to security architecture, including the uses of frameworks and methodologies to support design and implementation steps. A typical example of security architecture methodology is SABSA, and a useful framework to help with architecting in the cloud is the NIST Cybersecurity Framework.
Byrex Governance framework can help your organisation to design and develop cloud security, governance, operating models that embrace shared accountability between the business and IT, and part of that discussion must include conversations about the structure of the organization at the highest levels. Discussions about decision rights, authority/autonomy and corporate performance are not easy topics to work through for an organization.