According to to Myles Hosford, Head of Security Architecture, ASEAN, AWS, members of the C-suite are increasingly recognizing the importance of the unmatched security defences the cloud offers. From director to Chief information Security Officer (CISO), business leaders understand how cloud security services and strategies keep data safe, and protect organizations.
With business leaders now invested, clouds security creates a secure, agile, and flexible infrastructure in which to operate and navigate the changing business landscape. However, there is always room for organizations to do more when it comes to security. For instance, investing in talent, focusing on retaining the most experienced cloud security experts, and prioritizing resources to ensure security and efficiency.
But every business is different. The C-suite need to learn from each other and lead from the front, to make sure they have the cloud security solutions in place that will scale and grow with their business.
It’s not just a CISO decision
CISOs control the technical aspects of their security programs. However, responsibility for broader security initiatives span the whole business. Top C-suite decision-makers, such as Chief Executive Officers (CEOs) and Chief Financial Officers (CFOs), need to be involved in these strategies from the beginning. Have processes in place to inform them quickly if a breach occurs, and to take an active role in managing the recovery process, and minimizing the impact.
Around the world, governments are mandating all companies to comply to stricter data rules and regulations. In the European Union (EU), the General Data Protection Regulation (GDPR) is a law on data protection and privacy for individuals within the EU and the European Economic Area (EEA). This also addresses the export of personal user data outside the EU and EEA. In the Philippines, there is Republic Act No. 10173, also known as the Data Privacy Act (DPA) of 2012. The DPA lays out a set of requirements designed to protect personal user information in both government and private organizations.
Every boardroom executive in the Philippines must understand that the GDPR and DPA has the power to influence an organization’s financial health and ultimately, the bottom line. Therefore, the board must take collective ownership over managing compliance. When choosing a cloud provider, they must take joint responsibility for discerning which partners they can trust to support their GDPR and DPA compliance efforts. After all, under both the GDPR and DPA, businesses will be held responsible for keeping data secure, not only on their own structures, but on those of their suppliers and partners. A unanimous C-suite decision on a cloud provider is therefore key to pre-empt problems and to lead the business forward with a clear cloud security and compliance strategy.
Today’s fast-evolving security landscape encourages organizations to invest heavily in cloud security defences. It also makes individuals, at all levels, increase and develop their knowledge on how to protect data in the cloud.
Organizations with an ear to the ground will aim to protect every asset, often focusing on the most prevalent threat at any given time. This is where the C-suite steps in by having visibility over the entirety of the organization and its future direction, business leaders ensure that the right resources are in the right places to keep data safe. From prioritizing a team’s focus, to understanding the complexity of data within the network, and sharing valuable information on industry-standards for safeguarding information in the cloud or data centers, it is this collaboration across the security teams and the C-suite that will help protect against threats. Again, this is where cloud providers can support by providing services, processes, and advanced technology, such as encryption, to protect all data held in the cloud.
Educate the board and business
True security goes beyond how secure a company makes its systems and data. The C-suite has realized the importance of cybersecurity within the business, will play a proactive and collaborative role in setting the security strategy.
At Amazon Web Services (AWS), equipping our customers with knowledge is a key part of optimising their security defences. We help them to understand cloud security services and technology so they can build solutions that protect the organization whilst supporting innovation and growth. By educating the whole workforce on the benefits of cloud and cybersecurity tools, every employee gains ownership over cybersecurity processes. They, therefore, know how to confidently execute strategies. We believe that, in a digitally connected society, to continue to grow and remain competitive, businesses need to invest more in cloud-based security skills and innovation.
Retaining and securing cybersecurity talent
Compliance with the DPA requires the appointment of a Data Privacy Officer. So there is healthy competition in security to attract the best tech talent. Organizations, therefore, need to think about the benefits they offer holistically, from their pay and benefits package to the opportunities for progression. Embracing cloud technology can also help to attract and retain talent; the best cloud platforms automate the heavy lifting around security so staff can focus on the more interesting aspects of the job. In a competitive talent market, organizations must keep their standards high, but balance career advancement opportunities with perks tailored to the individual.
Security starts at the top
Security success lies in having dynamic functional leadership that unites the business and leads from the front. Therefore, it is promising that cloud security has become a focus for the entire board. After all, it is about understanding the entirety of the business. It is about prioritizing resources, investing in the right technology, and retaining talent that will allow a company to drive forward a digital agenda that will keep data safe. By working together and having a clear vision, underpinned by a flexible and agile cloud such as AWS, any business can maintain competitive advantage and differentiation. This begins and ends in the boardroom.