By José Manuel Gomes, IT Operations, Cloud & Security Associate Director at Noesis
In just a few months, we witnessed a giant technological leap based on the incorporation of new technological capabilities and the development of cloud strategies supported by flexible IaaS and PaaS models and by the rush to consume SaaS applications.
This hyper-acceleration of the digitalization of the economy has also brought new challenges to CIOs. The growing development of Multicloud environments has resulted in the expansion of cyber-exposure and the increase in points of failure and vulnerabilities in networks and environments, which cyber-attackers have been quick to exploit in a variety of ways. On the other hand, the level of threats has also evolved, driven by the increased consumption of SaaS applications, IoT, AI-based attacks, phishing, and M2M attacks.
Thus, we must refocus on the Security Architecture through a holistic approach that includes “smart” technological capabilities, including standards, guidelines, processes, and practices that guarantee mechanisms for safeguarding information security and privacy policies and accesses.
This view can be very succinctly presented in the framework: Security & Privacy by Design.
Cloud-oriented solutions and services support the growing use of Multicloud environments, capable of controlling access at points where must apply the security policy, from on-premise to different deployment models. Intelligent Monitoring solutions can detect all types of threats: internal, cyber-attacks, filtering, data manipulation, and supply chain threats.
Compliance and Auditing Mechanisms: suited to each of the different deployment models. The security of the applications and the data that transits between them cannot be under each service provider's individual responsibility.
Data Governance: With increasing mobility, increasing adoption of SaaS and Shadow IT applications, the ability to govern the use of cloud applications is critical to ensuring compliance with E2E security policies.
Digital Identity: IAM solutions must have levels of sophistication that allow for federating authentication in multi environments and managing provisioning in an integrated and secure manner.
Cybersecurity Managed Services: Services that work 24×7 with highly qualified and experienced talent, versed in the use of cutting-edge technologies and proactive threat prevention and neutralization principles.
Next-Gen Cybersecurity: More complex cloud environments and increasingly sophisticated intrusion schemes demand more demanding, automated, and sophisticated paradigms and solutions, using solutions that incorporate AI and self-learning algorithms. In conclusion, if 2020 was the year of survival and rapid decision-making towards business digitalization, while there hasn't been much time to incorporate security and privacy policies into the evolution of IT ecosystems, 2021 is the year that organizations must take a step back towards refocusing aspects of the security architecture and to train themselves in a structured way with cutting-edge services and technologies that allow them to safeguard against greater cyber-exposure and internal threats.
Original article, here.