For as long as we can remember, the concept of control has rested comfortably in physical location and ownership. It’s simple, if you could see something or you knew exactly where it was, it would be easier to assume that you’d have some measure of control over its security.
With the move to the cloud, however, the idea of security by proxy is changing rapidly and our approach needs to follow the same trajectory.
The Gartner CISO Playbook dispels the myth that security and risk management leaders should be concerned that moving to the cloud means relinquishing control.
The shift does, however, require security leaders to embrace a new mindset and refocus their priorities towards:
At the same time, security leaders need to understand that some ownership of the underlying platform will naturally have to change.
All models of cloud — IaaS, PaaS, SaaS — invoke a shift of responsibility away from IT departments towards data and application owners. That’s not necessarily a bad move though, as it represents an opportunity to exercise indirect control instead.
Gartner’s CISO Playbook sets out three core areas of impact and makes a set of recommendations that security and risk management leaders should consider for sustained success in this changing environment.
Interested? Access the Playbook here.