Cyber Security in a cloudified world steering into trade wars and further social turmoil’s is not an easy task. Engineers split up complex topics into digestible smaller areas. We split up into:
- Network & Connectivity
In the “change the play field” approach, this area is normally delegated to professional network providers. The cyber resilient platform requires the functional capabilities and security measures of world class providers.
- Infrastructure & Residency
Traditional on premises infrastructure is less and less the model of choice. Infrastructure as a Services, sometimes partially hybrid is the primary approach in larger organizations. The providers of these infrastructures at the locations of choice are tasked with the hardening and the protection of the infrastructure.
- Data & Information
Protecting information, aside of the identity and access management controls of the application, requires lock-in DLP (data loss prevention) capabilities, encryption on file and/or field level and/or rights management. Assuming that further cloudification is unavoidable, ultimately business processes will move to the cloud entirely as well. Raw data and processed data (information) protection is about functional access control and encryption of data in the services provided and between the services participating in the business processes. The cyber resilient platform uses advanced cloud data protection gateway technology to protect the information in every situation.
- Processes & Collaboration
All involved persons and organizations will communicate more and more intensely. This will require industry specific collaboration models ensuring safe and sound end to end information sharing that is only possible when the data & information level build a solid base.
The CRAM – Cyber Resilient IT Asset Management™ platform changes the game by providing an environment where the good guys define the rules in their favor by using state of the art measures to strengthen each level and creating a new rainfall covering all four levels of security. Thus, delivering unprecedented overall cyber resilience.
Change of Playing Field
Silicon Mountains believes that regulatory compliance is not an acceptable standard of protection. This level lags the standards set by: (a) the major financial services firms (b) all academic and industry studies and (c) governmental oversight agencies as well as other security specialists. Each conclude that this level will not be enough in the intermediate and long term. Without actively seeking and developing strategic alternatives that limit the vectors, scope and impact of cyber-attacks – changing the playing field – risks and costs will continue to increase significantly. This approach contains a complete overhaul of risk reduction programs and an examination of the current use of personnel as well as technology. One of the keys to this transition will be migration to cloud based solutions.
Migrating systems to the “cloud” is an appropriate management or strategic initiative:
- it decreases system, personnel and administrative risks as well as costs;
- it increases the number and quality of risk overlays;
- software vendors will offer their services, software and patches predominantly in the cloud; and,
- this trend will only intensify in the future; the economic business case and market valuation metrics are leading software vendors to provide only cloud-based solutions to their customer base.
The already high personnel costs associated with hiring, maintaining and training a competent staff to oversee an “in – house cloud” will increase in the very near future due to the industry need of these skills. Access to such people is already difficult and is becoming increasingly so. Market analysis clearly provides that there is not only a severe shortage of cyber security personnel, but that shortage will become even more severe as threats increase. This shortage of capable personnel is one of the critical risks displayed in every risk assessment report associated to cyber security vulnerabilities. Movement to cloud based platforms reduces the number of rare professionals required to maintain systems and provides the potential to redeploy current staff to other meaningful activities.