INTELLIGENT BRANDS // Enterprise Security
Are CCSPs increasingly required in
the boardroom?
organisation’s current cloud security
posture, engineer security controls,
advise on future architecture and service
provision, provide recommendations
for vulnerability remediation and
risk reduction, and/or develop secure
cloud-based applications and platforms.
Given that cloud technologies are
still relatively new, CCSPs can spend
considerable time on the assessment of
new security technologies, automated
solutions for cloud delivery, container,
and microservice technologies for large-
scale cloud environments, and the like.
Cloud is now a discussion among C-suite
executives and the board of directors,
who are coming to understand that
without cloud, an organisation cannot
fully deliver on a digital transformation
strategy. Findings from our Cloud
Security Spotlight Report 2017 show
that 76% of organisations are currently
implementing or in active production
of new cloud environments (either in
planning or trial stages) and that 100%
of organisations are using cloud in some
way as part of a strategic endeavour to
deliver growth; business agility and/or
reduce cost.
The recent announcement from
Amazon Web Services (AWS) of
its intention to launch a hub in
the Kingdom of Bahrain in 2019
demonstrates the strength of interest
in the Middle East Region. “We see the
region as ripe for digital transformation,”
said Khalid Al Rumaihi, chief executive
of the Bahrain Economic Development
Board. “We wanted [AWS] to look at the
Middle East now, not in three to four
years.” News reports of the launch cite
research firm Gartner’s forecasts for
public cloud services in the Middle East
and North Africa to reach $1.2bn this
year, up by more than 22% from 2016,
and for $2b by 2020.
Properly qualified professionals will be
paramount to sustain such ambition.
CCSPs are becoming an emerging
voice within IT and the business. They
increasingly find themselves responsible
for significant projects, migrating to
or advising on the integrity of major
implementations to support core
operations, including sales, office
systems, and the like. They must be
able to communicate effectively with all
stakeholders, and be able to articulate
the relevant concepts to non-technical
teams and executives.
What are the biggest issues
facing CCSPs?
Faisal Malik of (ISC)² says: “The
baddies are very good at pushing
the button. Getting it wrong can
result in a loss of governance, huge
fines linked to data breaches, loss of
customer trust, reputation damage
and more”
of people with knowledge and skills in
security. As more workloads move to
the cloud, it is increasingly recognised
that current security tools and controls
are not designed for the unique
challenges cloud adoption presents -
the varied architectures and levels of
access, for instance - and that security
management and solutions must be
designed specifically for a new agile
working environment.
Pressure is also coming from
governments and regulators concerned
about security and particularly data
breaches whether they are related to a
cloud environment or not. As a result,
concerns about cloud security remains
high, particularly when it comes to data
security: the top three concerns reported
in our Spotlight Report included:
protecting against data loss (57%),
threats to data privacy (49%), and
breaches of confidentiality (47%).
Why is cloud security an ever-
growing challenge? What are the main functions of
a CCSP?
An organisation’s reliance on cloud
computing can often be the outcome
of varied initiatives that haven’t
always benefited from the oversight CCSPs can find themselves covering
a wide range of duties that include
working closely with product and
platform teams to assess their
64
INTELLIGENTCIO
powered by
According to the Spotlight Report,
unauthorised access through misuse
of employee credentials and improper
access controls continue to be the single
biggest threat to cloud security (61%).
This is followed by the hijacking of
accounts (52%) and insecure interfaces/
APIs (43%). The latter underlines that
organisations are grappling with a need
to become fully aware of the extent
to which cloud applications reach into
their organisations. A smart phone’s
location app, cloud-based file storage
or file transfer services can create
vulnerabilities, while the explosion of
connection points from coffee pots,
trucks, and even herds of livestock
coming with the internet of things (IoT),
opens new channels to companies’
systems and data, ostensibly in the
name of improved service or efficiency.
What are the consequences of
getting cloud security wrong?
The baddies are very good at pushing
the button. Getting it wrong can result
in a loss of governance, huge fines
linked to data breaches, loss of customer
trust, reputation damage and more. Our
reliance on cloud computing continues
to grow in volume, variety, and strategic
importance, while expectation for
getting it right from customers and
legislators is developing rapidly.
Companies can embrace recommended
best practices, security standards and
the common lexicon maintained by the
practicing community by
working with credentialed cloud
security professionals. n
www.intelligentcio.com