Love or hate technology advancement, you can’t deny that in a relatively short space of time, your options as a business have progressed significantly. And information security is no exception to that. At this moment in time, there are a multitude of ready-to-use offerings out there, making high quality solutions available at a scale and price suitable for any business. You might even call it a “Golden Age” of security. The downside? Your legacy infrastructure.
As a new business, you would effectively have a blank slate and could take full advantage of a cloud-first strategy, getting all the latest security tools built into your infrastructure for free and without any of the hassles of the on-premise legacy that other companies have to deal with. But, as a more established business, how can you tap into the benefits of modern-day information security tools and balance that out with the systems you already have in place?
Well, a key win here is that these newer cloud-based introductions allow you to start streamlining your setup with a relatively low investment of resources. You have the ability to implement collaboration tools, anonymous login detection and secure filing structures instantly. So, while there may still be a lot of work to do to move your legacy systems into a more agile setup, you can start modernising and benefit from the efficiencies and compliance gains at a different level, as all that work goes on at its own pace behind the scenes.
Start by understanding the basics you need to get right here and hone your cloud footprint from the beginning. I recommend you focus on the follow three points to set you on the right path:
1) Make sure you have visibility and understanding of the cloud services you are currently using or planning to use. Create an inventory and keep the infrastructure simple
2) Build on that by ensuring you know which data you have stored in which cloud service. The greater your knowledge of your information landscape, the less likely you are to be taken by surprise
3) Create an authentication strategy for your infrastructure and stick to it. If a cloud provider can’t meet those authentication requirements, then they’re not the right supplier for you
These steps might seem simple, but they are absolutely essential in keeping your business-critical data secure.
You should also remember that you and your team are your biggest security asset. It’s the way you approach information security within your business that determines how effective it will be. So, just because new technology is based in the cloud, doesn’t mean that it’s inherently secure. Having full visibility of where and how your information is stored is still critical. Having multi-factor authentication is still critical. Authenticating in a clear, seamless manner against a central authentication database is still critical. Training your employees on good security protocol is still critical and having a clear plan in place of what to do when you have a breach is still critical.
Focus on the basics, hone your cloud footprint and you give yourself the best chance of keeping your business secure.