The CISO Conundrums, Part 2: Digitalisation – Cloud Migration & Data Security

January 16, 2020

Digital transformation is no longer a mere catch-phrase for businesses. It’s becoming an organisational undertaking among businesses that strive to be agile and competitive. In a 2018 Tech Pro research survey, 70% of survey respondents said that their companies either have a digital transformation strategy in place or are working on one.  

Digitalisation initiatives are part of digital transformation, and they can impact areas of a business such as its data, applications, as well as marketing.

In Part 2 of our 4-part “The CISO Conundrums” series, we explore data security challenges with cloud migration, a digitalisation initiative—which puts CISOs on the hot seat.

 

The case for cloud migration

Cloud migration is the process of moving data, applications or other business elements to a cloud computing environment, usually from on-premises or legacy infrastructure.

The benefits of the cloud include scalability, flexibility, lower costs, and  increased performance. Increased performance, for example, could include improvements in customer experience—housing data in cloud data centres helps to optimise processing of very high volume of data with minimal delay, resulting in reduced latency—compared to housing data in various on-premise servers.

As digital transformation unfolds, however, data security is playing catch-up instead of transforming in parallel. The more a digitalisation initiative like cloud migration happens, the more digital footprint there is, and the more potential attack surfaces—apps, users, cloud deployment, and of course, data—that come with it.

MuleSoft’s Connectivity Benchmark Survey found that 97% of IT decision makers are involved in digital transformation initiatives at their respective organizations. CISOs are very much involved and responsible to ensure data security with cloud migration. And it becomes more challenging for them in heavily regulated industries like financial services and healthcare, where a lot of personal data is involved.

Data protection

In Europe, the General Data Protection Regulation (GDPR) has set a new standard for European consumer rights about protecting their personal data. Other regions in the world are catching up in terms of personal data protection regulations.

IT teams in companies are facing compliance pressures in terms of data security, or infosecurity, which is about safeguarding personal data from being leaked or stolen. 

Data governance

Data governance and infosecurity come together like two peas in a pod to achieve data protection.

While infosecurity works to prevent hackers from stealing data, or detect vulnerabilities to “plug” data leakages—in turn making data safe, data governance in an organisation is put in place such that the right people have the right access, to ensure these safe data are accessible across the organization in a controlled manner.

Clearly, there is a price to pay as businesses undergo digital transformation to deliver better value to their customers—there’s a lot of work to be done by CISOs and infosecurity teams here. With the huge power of cloud computing, comes the huge responsibility of protecting data the in cloud.

You may also be interested in: 

The CISO Conundrums, Part 1: People and Culture

 

For more updates like this, follow ICE71 on our web and social channels.