Welcome!

Java IoT Authors: Pat Romanski, Elizabeth White, Liz McMillan, Yeshim Deniz, Mehdi Daoudi

Related Topics: @CloudExpo, Java IoT, Cloud Security

@CloudExpo: Blog Post

Staying Compliant in the Cloud Without a Cybersecurity Attorney By @BThies | @CloudExpo #Cloud

Compliance can be achieved without them

Cybersecurity is a complex field, and with laws varying across states and countries, keeping cloud usage compliant can become a real headache for enterprise security decision-makers.

As regulations continue to lag behind the rapid pace of technological advancements, many IT security professionals turn to the expertise of cybersecurity lawyers, who not only understand the ambiguities of the law, but are also able to secure and protect their employers' interests in the case of a breach.

When Is a Cybersecurity Attorney Needed?
There are times when cybersecurity lawyers are essential. Given recent developments such as Edward Snowden's National Security Agency leaks, the exponential growth of the Internet of Things, and the throwing out of Safe Harbor Rules, privacy is an ever-evolving concern for businesses. Every company must ensure the safety of its users' data, and a qualified cybersecurity attorney should review privacy policies and programs to ensure proper compliance.

The use of such legal experts should be incorporated into the incident response plan in addition to having the experts review procedures. When a breach does occur, the public relations team cannot be left to draft communications on its own.

Each state has its own laws on what is required when making a breach public. The laws set thresholds for dollars and numbers of affected records, and even criteria relating to the level of data encryption, to help determine whether a breach must be reported. This means companies have to be careful when disclosing breaches, as poor communication can risk litigation.

Staying Compliant Without One
Cybersecurity attorneys are not necessary, however, for everyday operations. While they play an important role in dealing with specific crises, it is possible for a company's security officials to cope with most situations on their own. Many companies would be better served by hiring someone to manage their information security teams and train up their general counsel to address typical security risks than by spending top dollar on an attorney specializing in cybersecurity.

The creation of an information security plan, for instance, is a task far better suited to IT security professionals and chief security officers than to lawyers, as are decisions regarding cloud strategy. When it comes to ongoing monitoring of the environment and cloud services, unbelievable technologies are available to support information security management and to serve as the eyes and ears preventing a serious compromise of data.

A cybersecurity attorney is not equipped with the experience of running governance programs or of managing risk and compliance activities for all aspects of cloud computing. The CSO must instead take the lead on those.

Performing a Risk Assessment
Before proper compliance can be built into the system, all business risks and technical controls must be reviewed. How mature are the security management practices? Organizations generally fall into three maturity levels:

  1. Basic protocol is the blocking and tackling of security. It is understaffed and lacks reporting metrics, controls, policies, and processes. It may even lack executive support for security budgeting.
  2. Compliance-driven cloud security goes beyond the basic and looks toward compliance frameworks, such as ISO 27001/2, to drive security. This is better but still lacks the focus of a proper and authoritative security system.
  3. Risk-based security is multilayered. It can correlate events, such as security incidents, across multiple disciplines and business environments to rank and respond to them. It uses dynamic information security and IT audit controls to ensure that data are safe, secure, and routinely inspected.

Once the security environment has been assessed and its maturity defined, companies must look to implement a framework that improves security in the following elemental areas:

Source: KPMG LLP's Security Maturity Continuum

Several IT governance, risk and compliance tools can be used when building the best security management programs. These help the system to run smoothly and also aid adaptation to changes in personnel, ensuring that employee turnover doesn't lead to a breach.

Cybersecurity attorneys are still important in times of crisis, but for day-to-day security they are an expensive luxury. Compliance can be achieved without them.

More Stories By Brad Thies

Brad Thies is the founder and president of BARR Advisory, P.A., an assurance and advisory firm specializing in cybersecurity, risk management, and compliance. Brad speaks regularly at industry events such as ISACA conferences, and he is a member of AICPA's Trust Information Integrity Task Force. Brad's advice has been featured in Entrepreneur, Cloud Computing Journal, Small Business CEO, and Information Security Buzz. Prior to founding BARR, Brad managed KPMG's risk consulting division. He is a CPA and CISA.

IoT & Smart Cities Stories
The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected pat...
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Druva is the global leader in Cloud Data Protection and Management, delivering the industry's first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence-dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it. Druva's...
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
DSR is a supplier of project management, consultancy services and IT solutions that increase effectiveness of a company's operations in the production sector. The company combines in-depth knowledge of international companies with expert knowledge utilising IT tools that support manufacturing and distribution processes. DSR ensures optimization and integration of internal processes which is necessary for companies to grow rapidly. The rapid growth is possible thanks, to specialized services an...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...