E R T N
P
X
E INIO
OP
Data is where much of enterprise
value resides
Businesses are data generation
powerhouses. Failing to protect and
watch data can be costly – and can, in
fact, harm an organisation’s value.
As systems
and companies
become more
complex, relying
solely on multiple
passwords for
identity confirmation
becomes difficult
and risky.
www.intelligentciso.com
|
Issue 20
Review the access control models for
any Infrastructure-as-a-Service and
SaaS applications and consider using a
cloud access security broker (CASB) to
identify and classify data and files.
Use a CASB in combination with
enterprise digital rights management to
extend controls over the entire enterprise,
regardless of where the data lives.
New products or services
development is a focus
for companies
Companies are developing new products
and services to gain competitive
edge and are leveraging emerging
technologies, which are highlighting new
business opportunities.
With an increasing need to go to market
faster, DevOps processes can run afoul
of security protocols.
Automation can help achieve the ultimate
goal of DevSecOps, where security is
built into the beginning of the process
with no negative impacts.
Consider automation options such as
interactive application security testing,
a machine-based solution that enables
you to observe the behaviour of an
application from the inside. Your team
can then piggyback security testing onto
the quality assurance testing and avoid
using a single security test case.
Within these mission-critical priorities,
security and risk management leaders
must prioritise what they want to handle,
what other teams can reasonably do and
what doesn’t warrant time or attention.
Security teams must also consider how
automation can be integrated into systems
and how it can reasonably be used within
a CARTA approach to security.
“To orchestrate and champion value
protection and empower value creation,
our job is to recognise and manage
the tension, and find our place on the
automation continuum,” Mahdi added. u
43