UNIVERSAL CITY, Calif. — A complete security program is required to maintain confidentiality, integrity and availability of our critical data and the infrastructure that holds it, according to Andrew Lemke, North America cyber resiliency technical solution leader at IBM.
What’s important is to find a strategy to get to the cloud, he said Dec. 4, during the Cloud Security breakout presentation “Secure Journey to the Cloud — Part 2” at the Content Protection Summit. But, in general, “we’re not really doing it well yet,” he noted.
Following up on what he discussed in a Content Protection Summit session earlier in the day, Lemke used the breakout session to delve a little deeper into where organizations should focus their resources first to gain the biggest immediate reductions in risk.
The first main area to focus on is developing a strategy, he pointed out. Next, “as we visualize the development of the program,” it’s a good idea to “move left in terms of considering the security and the resiliency of outcomes, so we need hacker mindsets involved when we’re building our products,” he told attendees.
“And then, long-term, once we get to the cloud, we need to manage it and monitor it, and make sure that we’re resilient,” he pointed out. So, for instance, you need to make sure that “not only is your secure application built and up and running,” but it should stay up and running with “multiple backup environments” in multiple data centers, he said, adding IBM “can help” with all of this and “manage it long-term as well.”
Next up is executing on the strategy that’s been chosen, including building it out properly, he said. It’s important for your team to then think about “all the what if problems that could happen,” he said, adding you should then “continuously test.”
Up next is achieving “resiliency,” he said, noting that’s a “fairly new topic.” But it’s important to be able to reach a point where “you can keep doing business no matter what” happens, he said, adding that being able to recover even if your backups have been infected and can’t be trusted anymore is crucial.
Containerization is among the new technologies available that can be used to “lock down the environment,” he said. Also important is to always know where all your critical data is, he added.
Urgent also is to “get your business and technical teams actively involved,” he said, adding: “If you’re struggling with securing an environment, go to the top,” he suggested. After all, “you cannot deploy strong security unless you have buy-in from the top,” he told attendees.
The Content Protection Summit was produced by MESA and CDSA, and was presented by SHIFT, with sponsorship by IBM Security, NAGRA, Convergent Risks, LiveTiles, Richey May Technology Solutions, EIDR, the Trusted Partner Network (TPN) and Darktrace.