The Biggest Cloud Trends For CISOs

The cloud’s has many benefits such as self-service access, elasticity, scalability, quick deployment, and lower costs. This has brought about accelerated delivery to market and rapid uptake by enterprises. However, there are still risks involved in adopting the public cloud strategy, Chief information security officers (CISOs) should note that cloud strategies continue to change and evolve as new cloud technologies and services are introduced. This results in cloud security strategies of as little as five years ago are already outdated. Cloud security must evolve at the rapid pace as the public cloud space.

Forrester, one of the most influential research and advisory firms in the world, shares an article on Forbes depicting the most critical cloud trends  that CISOs should and/or need to be aware of:

• Securing AI in the cloud. “The onslaught of generative AI has meant that CISO organizations have also had to pivot. Lack of transparency around black-box AI models, susceptibility to bias, ethical considerations, threat actors that can exploit open-source models, and AI models that hold large amounts of data vastly increase an organization’s attack surface. CISOs should be addressing these three concerns: 1) reviewing the security controls and governance of cloud-managed AI services; 2) agreeing on the security roles and responsibilities between the cloud provider and your security team; and 3) upskilling the AI capabilities of the security and broader cloud infrastructure team to secure these new services.”
• Workload placement for cloud sustainability. “New sustainability reporting requirements in the EU have forced enterprises to focus on their carbon footprint. One method of meeting sustainability requirements is through placing workloads in more sustainable availability zones. For example, this could involve ensuring that an availability zone powered by solar power or other renewable energy sources is preferred to one powered by a gas-fired plant. Cloud teams rely on cloud management solutions and carbon footprint data to inform workload placement. CISOs need to ask where their data will reside and implement controls over sensitive data to avoid automatic movement by workload management solutions that break security requirements.”
• Sovereignty and regulatory requirements. “In recent years, new sovereignty requirements have created a broader push for private and sovereign clouds. CISOs operating in such environments know they need to meet these sovereignty and regulatory directives but have to balance this with allowing the wider IT team to deliver capabilities that the business needs and wants. CISOs should focus on ensuring that they understand which data types require sovereign cloud services, skeptically review claims about sovereignty by some hyperscalers, and seek to protect only the data that requires this protection, in order to keep the business on side.”

 

For Full Article, Click Here