Compliance | January 13, 2023

Cybersecurity in cloud computing: five things to know

By: Greg Tatham and Anthony Oliveri

Ensuring robust cybersecurity in cloud computing is about more than deploying technologies and creating security policies. It's also about creating a culture among employees that makes protecting digital assets second nature in their day-to-day work. 

C-level business executives, in collaboration with chief information officers (CIO) and chief information security officers (CISO), have a pivotal role to play in creating that culture. It's beneficial for the organization and can help build and maintain trust with customers and business partners. If you're looking for ways to make your organization more secure, keep these five things in mind. 

1. Cybersecurity in cloud computing is a shared responsibility 

Your cloud service provider's responsibility for security has limits, so it's important to know where theirs ends and yours begins. Good cybersecurity in cloud computing first requires taking full advantage of the suite of security-related features and capabilities available in your chosen cloud platform. The organization's IT team, not the cloud service provider, is responsible for staying on top of housekeeping processes such as removing user credentials when an employee leaves the organization and controlling access based on job roles. Per Mohammed Lazhar, Vice President & Chief Information Security Officer, Wolters Kluwer, “We are implementing a sustainable strategy based on comprehensive education, highly skilled security staff, advanced solutions, and measurable continuous improvement. Through programs like regular learning, regular stress test exercises that help our teams predict and detect threats, table-top security response exercises, and automation, we set a strong tone from the top to instill a culture of responsibility and vigilance for all 19,000+ employees.”  

It's also critical to address any internal software application vulnerabilities through rigorous secure-by-design principles and processes as part of the overall software development life cycle. Our innovative approach to integrating security into our cloud-based product development process is one way our teams are putting this into practice; learn more about our award-winning program here.  

2. Cybersecurity intersects with compliance and privacy 

It's well understood today that data comes with tremendous security and confidentiality requirements, and that goes beyond what businesses have traditionally considered sensitive information, such as customer transactions, tax filings, and intellectual property. Your business must also act as a conscientious custodian of the personal data you store. Not only could your business face regulatory and litigation penalties for failing to meet those custodial obligations, but it may also suffer a loss of trust from partners and customers — arguably your most valuable currency. Per Saskia Sjardin, VP & Corporate Privacy Officer, Wolters Kluwer, “Privacy laws and regulations require businesses to focus on the way your personal data is processed and the implementation of adequate security measures. Privacy and security go hand in hand and have become the concern of senior executives and corporate boards as well, given the potentially severe and far-reaching consequences.”

3. Good cybersecurity should be omnipresent yet unintrusive 

Without a solid security posture, your business could become disrupted enough that it can't meet obligations to customers and partners. Ideally, security shouldn't inhibit operations or productivity, so streamlining access is important, but it's critical that any access to applications and data is dictated by job roles and strong security policies. When building your own applications and services, adopt a "shift left" approach that integrates security and testing into each phase of the product development process, enabling you to build secure-by-design products for your users and customers. This approach can simultaneously strengthen your cybersecurity posture and operational controls. As such, segmented access to applications and data by job role should guide security policies.

4. Your CIO and CISO should sit at the executive table 

Effective and robust cybersecurity requires every member of an organization to invest time and energy. It also means understanding potential threats to business continuity at the highest levels. Your executive team, as well as the board of directors, must be aware of these threats and commit serious resources to manage the risk. As such, it's essential to provide a prominent place for your CIO and CISO at the table for continual information flow. As executive teams and board members lead the organization through digital transformation, remember that more of your business is getting exposed to digital threats. In this world, cybersecurity is no longer just something that "IT can take care of." 

5. Effective leadership and cybersecurity start with you 

Executives can foster good security hygiene by highlighting and modeling best behaviors and creating a culture around them where cybersecurity is everyone's business. In other words, we should "walk the talk." The C-suite must personally prioritize cybersecurity and go the extra mile by being aware of and demonstrating secure practices in all their daily actions, like using strong passwords and multifactor authentication. If you take shortcuts around security policy, so will your employees. 

User education and behavior are critical for the safe use of cloud-based products and services. Executive leadership — ideally, the CEO — should send regular messages through emails or corporate newsletters about the important role cybersecurity plays in maintaining the health of the business. As businesses digitize their operations, physical barriers to inadvertent data leakage disappear, making it all the more important to establish secure digital barriers. 

Maintaining robust cybersecurity in cloud computing is equally about cultural transformation. Executives must lead this transformation by articulating clearly and regularly that a strong security posture that applies best practices in cybersecurity is an ongoing, long-term goal of the organization and fundamental to business success. 

 

Access more topics on Cybersecurity and Privacy from Wolters Kluwer:

https://www.wolterskluwer.com/en/expert-insights/software-development-and-security-are-a-winning-combination

Find more resources on data privacy week & cybersecurity awareness month:

https://staysafeonline.org/resources/how-to-get-involved-in-data-privacy-week-2023/

https://cybersecuritymonth.eu/

https://www.cisa.gov/cybersecurity-awareness-month
