November 21st 2013
As the business technology landscape evolves and employees continue to leverage cloud computing and mobile devices with fewer concerns, business leaders must be sure service provider capabilities align with user and corporate expectations. Cybercriminals and other malicious individuals are no longer only targeting premise-based networks, especially as executives familiarize themselves with cloud environments and use those architectures to house increasingly complex information.
Dark Reading recently highlighted the importance of bracing for cloud breaches through comprehensive planning procedures. Today's data protection plans must go beyond technological inadequacies and focus on policies. This means that executives should be aware of their own compliance requirements as well as the service provider's legal obligations.
"The key here is to plan ahead," said Kristy Westphal, information security officer with secure payment processing firm Element Payment Services, according to Dark Reading. "You need to know what is in your contract, what you can get access to and what you are on the hook for."
A lot of the time, organizations only defend themselves against hacks and other cybercrime and neglect to think about the aftermath. If businesses do not factor in their own legal liabilities, they may find themselves facing unnecessary complications beyond the realm of IT.
Keeping compliance center stage
A recent Gartner report highlighted how compliance is no longer the primary factor in most corporate information protection programs. While this shows that business leaders are beginning to look beyond conventional risk management concepts, it also means that executives may be neglecting a critical component to their security initiatives: legal repercussions.
"Organizations must change this reactive, check-the-box mindset and start viewing compliance as a risk," said John Wheeler, research director at Gartner.
Compliance is especially important in the age of cloud computing, as migrating confidential resources to an off-site environment means that companies will lose at least a little bit of control over those assets. Westphal told Dark Reading that businesses need to know who has access to the cloud and what their responsibilities are, which will require significant planning prior to launch.
As enterprises around the world continue to pursue cloud, mobile and other computing technologies to optimize performance, reduce costs and remain competitive with rival firms, business leaders must keep compliance in the forefront of security initiatives. While suffering a breach can be devastating, firms that also have not taken legal responsibility into account will experience those repercussions much more dramatically.