Cybersecurity is nothing new, but as our collection of data continues to grow, so does our cyber risk. A good cyber strategy includes managing cyber risk, cyber resilience and data governance. While years ago the function may have been relegated to someone in the IT department, we now know that the companies that best manage their cybersecurity risk are those that have the C-suite and the board engaged so that they’re asking the right questions and having the right discussions. A good cyber strategy includes managing cyber risk, cyber resilience and data governance.
Cyber risk: Rather than strictly focusing on prevention, you should evaluate what the right risk tolerance is for your organization. This will include determining your risk appetite, evaluating the likelihood of threats, consequences and the impact to your business, understanding risk exposure, your risk tolerance, what cybersecurity controls framework is needed and how to measure its effectiveness.
Cyber resilience: While you always hope it will never happen, it’s very possible that your company is going to get breached. Being prepared to respond rapidly and effectively when it happens is critical to your cybersecurity program.
Data governance: Data privacy and protection laws are continuing to change globally. Recent changes to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), influenced by Europe’s General Data Protection Regulation (GDPR), will make it mandatory for Canadian organizations to report personal data breaches as of 1 November 2018. These changes make cybersecurity and managing your data securely more important than ever before.
Migrating to the cloud: critical success in cloud security
According to our recent Global Information Security Survey 2017-18, of the 1,200 companies surveyed, 87% say they require a bigger cybersecurity budget, yet only 12% will get the budget they need to secure their data.
With businesses creating ever increasing amounts of data, the cost and ease of acquisition makes the cloud an attractive solution for many organizations. It’s the underpinning of a digital transformation strategy and will help you get closer to your customers, build interactive experiences, get to market faster and positively impact your bottom line.
Where are Canadian companies in their digital transformation journey?1
According to a recent poll of CISOs, CIOs and others responsible for cyber and cloud security, many companies are still hesitant that cloud providers are able to sufficiently protect their data.
The cloud can be more secure than traditional infrastructure if done right
By 2021, it’s estimated that 94% of global applications and workloads will move to the cloud. While cloud breaches may continue to happen, building a proper plan to implement your secure cloud strategy will be key to the success of your move to the cloud.
Top 5 success factors when moving to the cloud
|1||Visibility into all projects, initiatives and cloud applications used in the organization. This includes aligning the CIO, CISO and other senior executives on your cloud framework; agreement on what’s required; and coordinating your cloud plan with your cybersecurity program. A leading practice is to assemble a steering committee represented by each line of the business that defines the adoption of cloud applications, builds a framework to do it securely and clearly defines how to protect the business.|
|2||Build an effective governance, regulatory, and threat risk assessment (TRA) model for the cloud, and be agile enough to adjust accordingly. A cloud strategy must formally document the purpose and benefits expected to be derived from the cloud implementation. This strategy then informs how the design and implementation should unfold.|
|3||Identity and access management. This is a core function of any cloud strategy and must be done correctly from the start. Incorporating appropriate security will include multi-factor authentication to build your new perimeter of data security.|
|4||Data protection (encryption/tokenization). When using a SaaS provider, it’s important to retain control of the identity of who has access to the application and data protection. This way, if the SaaS application is compromised, encryption or tokenization will prevent an attacker from accessing the data they’re looking for.|
|5||Effective contract management, including security provisions and exit procedures to leave a cloud provider if required. Cloud providers should be thought of as an external third party or outsourcer. Part of your due diligence should include assessing and monitoring third-party risk and tying it into your cybersecurity program.|
To learn more, read our complete report.
- 1. Survey results are based on responses from a recent EY breakfast in Toronto held May 2018 of CISOs, CIOs and others responsible for digital transformation programs at their organizations. Attendees represented a variety of industries.
Let’s explore how we can help you implement and improve your cyber and cloud security programs.
Contact one of our leaders:
+1 416 932 5902