As enterprises undergo business transformation, security and compliance challenges loom large. The move to public cloud, combined with the increase in remote working, have expanded the security perimeter well beyond the traditional boundaries of on-premises data centres and networks, putting data and applications at greater risk from threat actors.
A growing number of high-profile breaches has prompted greater regulatory scrutiny about how organisations are protecting data, and where that data resides. Cloud and increasingly complex hybrid environments are compelling organisations to think differently about security and compliance.
The Cloud Right approach
Using a Cloud Right™ approach, organisations can evolve their security approach to address new platforms, new technology and new capabilities that their existing approaches may not be able to properly protect. The focus on protecting locations and devices needs to shift to protecting the data itself. Data-centric security requires organisations to discover and classify data — identifying sensitive data, where it resides, how it flows through the company, and where the vulnerabilities lie.
The focus on protecting locations and devices needs to shift to protecting the data itself.
Security professionals should be involved early in the planning process. Enterprises need to embrace DevSecOps, with security woven into the IT landscape. Mixed teams should be established that have all the needed capabilities, including developers, security professionals and infrastructure experts. Adopting the mixed team way of working applies not only to cloud, but also to hybrid and on-premises environments.