
Cloud IT with a Chance of Meatballs?

Jeff Wright, VP and CISO, Allstate [NYSE: ALL]. Jeff Wright is Vice President and Chief Information Security Officer for Allstate Insurance Company. In this role he is responsible for the enterprise...
Discussions around Cloud computing and related development methodologies like Agile, XP and Scrum have grown to dominate the agendas of today’s technology and business meetings. Companies are looking to adopt cloud solutions and “re-factor” code that runs major applications in order to be able to reduce the expense associated with traditional data centers, and take advantage of the resiliency and scalability that cloud enabled computing environments can offer. These new methodologies like Agile and XP promise faster development and deployment timeframes with heavy partnership between business and technology teams to iterate quickly from concept to MVP (minimally viable product). But how does the adoption of these new strategies help us in the constantly evolving cybersecurity battlefield?
One point of view might be to worry about what this means for a corporation’s information security profile. It would not be incorrect to consider how the speed with which applications are being developed, or the infrastructure hosting these applications, is impacting the overall security posture of the company. Alternatively, you might think that the likes of IBM, Microsoft and Amazon, in offering robust enterprise-class cloud services, have first-hand experience dealing with the most sophisticated threat actors and have developed cutting-edge security solutions to bolster your legacy in-house security controls, positioning you a step ahead of those that seek to do you harm.
The reality, as it often does, lies somewhere in between. A safe and successful leap into cloud-based computing requires you to modify the way in which you view your technology assets: from a perspective often based on silos like storage, server, network and security (to name a few), to a more data-centric architecture where you examine the levels of trust or confidence you want to maintain for certain data elements.
In the application development space, companies have modified their Software Development Lifecycle (SDLC) to incorporate code scanning tools that evaluate source code for vulnerabilities. Most have also embraced the practice of performing penetration tests against their applications to identify vulnerabilities before the hackers can exploit them. But how do you scale services like these when code is being developed and deployed multiple times a week as is often the case with the more extreme versions of Agile and XP?
The answers to these and other challenges may lie in a rigorous adoption of standards and the development of patterns to which they are applied. Take for example the Payment Card Industry’s Data Security Standards (PCI DSS); these standards place a high value on preserving the sanctity of payment card information. Countless applications and technology environments have undergone massive re-designs in order to protect the confidentiality of card information from the point at which it’s received from the customer through completion of the transaction. Applications have been dissected and re-written, databases divided–virtually and physically, pallets of new infrastructure have been integrated in our data centers, and let us not forget about the levels of encryption and tokenization, all in order to enable the safe acquisition and processing of payment card data. Now consider applying this same level of engineering discipline to your complex core business application and you begin to appreciate how a data-centric view of your environment will be critical to the successful adoption of cloud technology.
Relentless adherence to industry standards for technology and development practices allows for the creation and re-use of patterns in your environment, very much like what’s been done with PCI. These standards-based patterns can then be leveraged by architectures that may be on premise, in the cloud or a hybrid of both.
When security, as viewed from the data element or entitlement level, is a principle of these patterns, it becomes part of the DNA of an organization’s technology environment, in many ways enabling security to match the speed with which business-driven technology solutions are developed in an Agile, cloud-based world.
The ingenuity required to achieve this, and the integration with key business drivers, if executed properly, present a unique opportunity to re-establish your security footing, ensure more scalable and resilient computing capabilities and perhaps get a step ahead of a threat landscape that is constantly evolving and always moving.
