Tips on Building an Information Security Team

Posted by Lesa Moné on November 29, 2017

shutterstock_119092858_StandardLicense

As digital transformation looms, many organizations scramble to transfer their computing to the cloud. Cloud computing leverages the most effective and economical solution possible, constantly enabling your company to be agile and competitive.

While traditional companies ignored the power of cloud computing aspiring start-ups leveraged digital transformation technologies to overthrow entire industries. Just take Airbnb, Lyft, Uber, and Deliveroo for example.

Gartner’s 2017 global CIO survey shows that digitization takes up 18% of current budgets. This number is expected to rise to 28% in 2018. For public cloud services specifically, Gartner is forecasting that global spending will grow 18% in 2017 compared with 2016 to almost $247 billion. 

Cloud computing isn’t all sunshine and roses - as data breaches are happening almost daily, it is imperative to place a sharp focus on security in the cloud.


So how do we secure information in the cloud?

It will take a group effort to secure information in the cloud. Contrary to popular belief, it is not the full responsibility of the cloud platform provider to provide 100% security for your organization’s data. Some providers have robust security protocols in place that can clearly outline the measures that they take to ensure security. It always helps to have certain appointment assurance from your team.


Digital transformation will involve the focus of specific members of your team.

The Chief Information Security Officer

CISOs are in charge of reviewing and approving security policies, planning appropriate responses to cyber incidents, reviewing investigations after breaches or incidents, and maintaining a current understanding of the IT threat landscape for the industry. The CISO of your organization should check that the cloud provider has the resources and know-how to monitor and protect your end-users’ identities, devices, apps, and data. Most reputable cloud providers should want to show a track record of high-level security and operational history.

The Information Security team 

This team should ensure that the organization’s security tools and processes can easily connect to the cloud provider. They should know which vulnerabilities exist in the new cloud environment, and how to combat any possible risk.

DevOps team

Security practices can be infused directly into the DevOps processes of continuous integration and continuous delivery. If security solutions are adopted by each team member, it becomes easier to secure the entire organization’s infrastructure.


New Call-to-action

Gregor_LCS_2021