Cloud IT with a Chance of Meatballs?

Jeff Wright, VP and CISO, Allstate [NYSE: ALL]

Discussions around cloud computing and related development methodologies like Agile, XP and Scrum have grown to dominate the agendas of today’s technology and business meetings. Companies are looking to adopt cloud solutions and “re-factor” the code that runs major applications in order to reduce the expense associated with traditional data centers and take advantage of the resiliency and scalability that cloud-enabled computing environments can offer. Methodologies like Agile and XP promise faster development and deployment timeframes, with heavy partnership between business and technology teams to iterate quickly from concept to MVP (minimally viable product). But how does the adoption of these new strategies help us on the constantly evolving cybersecurity battlefield?

One point of view might be to worry about what this means for a corporation’s information security profile. It would not be incorrect to consider how the speed with which applications are being developed, or the infrastructure hosting these applications, is impacting the overall security posture of the company. Alternatively, you might think that the likes of IBM, Microsoft and Amazon, which offer robust enterprise-class cloud services, have first-hand experience dealing with the most sophisticated threat actors and have developed cutting-edge security solutions to bolster your legacy in-house security controls, positioning you a step ahead of those that seek to do you harm.

The reality, as it often does, lies somewhere in between. A safe and successful leap into cloud-based computing requires you to modify the way in which you view your technology assets: from a perspective often based on silos like storage, server, network and security (to name a few) to a more data-centric architecture where you examine the levels of trust or confidence you want to maintain for certain data elements.

In the application development space, companies have modified their Software Development Lifecycle (SDLC) to incorporate code scanning tools that evaluate source code for vulnerabilities. Most have also embraced the practice of performing penetration tests against their applications to identify vulnerabilities before the hackers can exploit them. But how do you scale services like these when code is being developed and deployed multiple times a week, as is often the case with the more extreme versions of Agile and XP?

The answers to these and other challenges may lie in a rigorous adoption of standards and the development of patterns to which they are applied. Take for example the Payment Card Industry’s Data Security Standards (PCI DSS); these standards place a high value on preserving the sanctity of payment card information. Countless applications and technology environments have undergone massive re-designs in order to protect the confidentiality of card information from the point at which it’s received from the customer through completion of the transaction. Applications have been dissected and re-written, databases divided (virtually and physically), and pallets of new infrastructure integrated in our data centers, and let us not forget about the levels of encryption and tokenization, all in order to enable the safe acquisition and processing of payment card data. Now consider applying this same level of engineering discipline to your complex core business application and you begin to appreciate how a data-centric view of your environment will be critical to the successful adoption of cloud technology.

Relentless adherence to industry standards for technology and development practices allows for the creation and re-use of patterns in your environment, very much like what’s been done with PCI. These standards-based patterns can then be leveraged by architectures that may be on premise, in the cloud or a hybrid of both.

When security, as viewed from the data element or entitlement level, is a principle of these patterns, it becomes part of the DNA of an organization’s technology environment, in many ways enabling security to match the speed with which business-driven technology solutions are developed in an Agile, cloud-based world.

The ingenuity required to achieve this, and the integration with key business drivers, if executed properly, present a unique opportunity to re-establish your security footing, ensure more scalable and resilient computing capabilities and perhaps get a step ahead of a threat landscape that is constantly evolving and always moving.
