3 IT Security Questions You Should be Asking, but Aren't
CIOReview
CIOREVIEW >> OpenStack >>

3 IT Security Questions You Should be Asking, but Aren't

Christopher Clapp, CEO, Bluelock
Christopher Clapp, CEO, Bluelock

Christopher Clapp, CEO, Bluelock

The pace of IT security innovation is driven not by your business’s agenda. Rather, IT security innovation is driven at the pace of the latest hacks, attacks and impending threats. That always-changing, fast pace is near impossible for organizations to keep up with while maintaining excellent service delivery of business’s core IT functions.

The expansion of IT’s “as-a-Service” capabilities has grown and matured over the past decade, enabling your business to easily consume software, infrastructure, private cloud—even disaster recovery in an “as-a-Service” way that allows your business to use what you need, when you need it, in an on-demand, flexible delivery model. Procurement and onboarding times are shrunk to days and weeks instead of the months required with traditional services and hardware implementation, which begs the question, “How are you going to satisfy your security burden at the speed at which “as-a-Service” solutions are implemented today?”

First things first: there are no shortcuts when it comes to securing your environment.

While the best partners and providers change with the market, no provider can fully take away the burden of managing that security, and it wouldn’t be responsible for you to completely give up control either. While these partners and providers become an extension of your team and help you increase your security and protection, you need to think beyond traditional IT hardware solutions and consider security holistically for your entire environment.

Here’s a consideration many companies forget until it’s too late. Are you thinking holistically about the security of your technology and your data? Think not just about your hosting environment, but also consider the security of your recovery environment. We see CIOs and CISOs increasingly asking for secure hosting and secure cloud solutions, but not enough are thinking about the entire environment. Not enough are looking for a secure recovery environment.

Are you? If not, ask yourself, “Why Not?”

Companies are just as vulnerable in their recovery environments as they are in production, but they can be just as protected as well. Unfortunately, many IT leaders don’t consider the vulnerability until it’s too late. Consider the current security threats of your recovery environment and ask yourself these three questions

1) Would you trust your data with only basic security protections in production?

Spend your IT budget wisely and look closer at the security of your recovery environment. If you have sensitive data, would you trust your recovery environment to run your applications with basic protections, even for a short time? If you’re spending your budget on the security of your production and only using basic security protections in recovery, you may want to reconsider your DR plans.

2) Does your business continuity plan consider IT security risks in your recovery environment?

Recovery has to work to be worth it’s cost. Your organization, your shareholders and your customers are expecting it to work. All complexities should be considered and contemplated in advance, so that your team has confidence that it not only will work, but also maintain your security while running as production. If you’re only considering the security of your production environment, who’s to say that your recovery state is also secure?

3) Do you have a way of ensuring your security advances are up to date?

The advances in the security of your production environment should be mirrored in your recovery, but do you have a way of keeping them up to date in both environments? Gauge your confidence that your sensitive data in your recovery environment is secure and protected at the same rate you gauge your production environment.

Assuming your recovery environment is secure and protected is not enough due diligence to protect your data or your business. When a disaster strikes you should feel confident and prepared that your sensitive data is secure and protected, no matter what.

Rigorously testing your DR plan and your recovery environment will provide you the confidence that your recovery will work. A good place to start is to perform a risk assessment of your organizations current recovery environment. That assessment will show you where your organization stands today and set you up to quickly decipher whether or not you’re comfortable taking on that risk.

Read Also

Basic And Applied Research In Aerospace Sciences At The Office Of Naval Research

Basic And Applied Research In Aerospace Sciences At The Office Of...

Knox T. Millsaps, Ph.D., SES Director, Division of Aerospace Sciences Office of Naval Research
CRM: The New Center of the Marketing Universe

CRM: The New Center of the Marketing Universe

Ryan Malone, Founder and CEO of SmartBug Media™
Insurance Market is in Full Swing in Tune with the Digital Transformation

Insurance Market is in Full Swing in Tune with the Digital...

Adilson Lavrador, Executive Director of Operations, Technology and Claims, Tokio Marine Seguradora
A Pro-Active Risk Management Approach Guides Pg&E's Supplier Quality Assurance Team

A Pro-Active Risk Management Approach Guides Pg&E's Supplier Quality...

Jamie Martin, Vice President of Supply Chain and Chief Procurement Officer, Pacific Gas and Electric Company
The Future Of Oil And Gas Industry With Digital Solution

The Future Of Oil And Gas Industry With Digital Solution

Azfar Mahmood, Product Manager, Jeremy Angelle Vice President Digital Solutions at Frank’s International
Epc Oil And Gas Companies’ Role In Scaling Up In Energy Transition

Epc Oil And Gas Companies’ Role In Scaling Up In Energy Transition

Matthew Harwood, GVP Strategy and Sustainability, McDermott International