CHIEF information security officers (CISOs) are the kind of experts that organizations — both private and public — sorely need.
But they are not easy to find.
The digital world sorely lacks them to make sure organizations’ cybersecurity infrastructures and platforms are in place and in step with the ever-increasing and -present threats from the online bad guys, a.k.a. cybercriminals — state or non-state actors.
So, what CISOs do for their respective organization?
From Kaspersky Lab, here are their tasks:
- Development and definition of security-relevant, business-specific objectives, threats and risks, as well as the resulting security goals.
- Establishment and operation of an organizational unit to implement these security objectives
- Creation and update of processes, security manuals, and security guidelines on an organizational and technical level.
- Performance of advisory role to the other business units, consulting with them, as well as with relevant external sources and experts.
- Auditing of functional units on the state of implementation and further development of security regulations.
- Creation of employee security awareness through training and campaigns
Definition of security-relevant business processes and selection of security services and solutions.
- Management of cybersecurity operations.
Needless to say, every CISO has to be equipped with certain qualifications to match up with their myriad tasks.
“In order to fulfill the Chief Information Security Officer position, the CISO must know the company’s processes, internal culture, and key employees, and be involved in all projects that might influence the security exposure of the company,” the Russian global cybersecurity company pointed out.
A survey conducted in 2018 by Kaspersky Lab involving 250 security directors from around the world showed that they have acknowledged being in a “catch up” situation vis-a-vis cloud adoption, which is considered the “biggest security risk to business,” Kaspersky Lab found out.
Let’s hear it from Kaspersky Lab:
Cloud adoption is in full swing, with the latest IDG data showing that 73% of enterprises have at least one application, or a portion of their computing infrastructure, already in the cloud. But apparently that’s not enough – because the data also shows that IT departments are feeling the pressure to migrate 100% to the cloud.
It’s clear that change is happening, and fast, but it is not without risk. After surveying more than 250 IT security leaders, Kaspersky Lab has discovered that uncontrolled cloud expansion is the top security concern for more than half (58%) of CISOs.
A chief information security officer (CISO) is regarded as the ‘conductor’ in an organization, the one who orchestrates delivery of information and ensures security. They are a breed that businesses sorely lack. More are needed. (Image: Kaspersky Lab)
What hybrid cloud brings
By using multiple cloud platforms within a hybrid cloud infrastructure, businesses can deliver their products and services faster, optimize their performance, and improve the reliability of their services. However, despite its advantages, cloud computing, especially when the cloud infrastructure is hosted by a third-party, may also bring additional cybersecurity challenges.
A data breach from an incident in the public cloud costs an enterprise, on average, $1.64m. So, while an organization’s overall IT infrastructure becomes heterogeneous with cloud, CISOs are facing more headaches to keep their data secure and protect company finances as a result.
Managing complex IT environments becomes even more difficult due to a lack of talent — another challenge for corporate cybersecurity. Hybrid cloud adoption requires specialists with the necessary skills to configure and manage security for all parts of the IT infrastructure. For CISOs it results in staffing constraints: more than a third (38%) claim it is difficult to recruit specialists to cope with this ‘cloud zoo’.
Against this backdrop, CISOs need a single solution that not only provides them with a high level of security, but also ensures the business’s cybersecurity layer is visible and can be managed across the whole cloud infrastructure, even by a limited cloud security team.
Benefits from cloud implementation
“There’s no denying that with the business benefits it brings, cloud is a key part of the strategic digital transformation journey for many enterprises. The use of cloud is growing fast, and businesses are not going to be put off adoption because of security concerns. It’s therefore vital that resilient security is also quickly and effectively implemented, to support this rapid adoption,” explains Maxim Frolov, vice president of Global Sales at Kaspersky Lab.
“Safeguarding data and workloads in the cloud environment, in addition to supporting the native security capabilities of a cloud platform is crucial,” continued Frolov.
“Protection layers should, therefore, include: the capability to monitor application behavior and ban any suspicious activity; prevent exploits by using the latest threat intelligence; and find and automatically patch vulnerabilities, to safeguard data and workloads moving across cloud infrastructure, from threats. The best solutions also provide orchestration capabilities, so that IT teams can control what workloads are being accessed and processed, on and off-premise.”
Kaspersky Hybrid Cloud Security builds on Kaspersky Lab’s extensive experience and keeps businesses secure by protecting applications and data in physical, virtual, and cloud workloads. Kaspersky Hybrid Cloud Security provides API-based integration with Amazon Web Services (AWS) and supports the Microsoft Azure cloud platform, allowing customers to securely move data and applications across their IT environment.
It also provides a unified management and security orchestration console to manage IT security on-premise and in the cloud — which partially alleviates the problem of a lack of personnel. (Kaspersky Lab/EKU)