As many enterprises in the Asia Pacific region take to the cloud, it's important for their leaders to learn security lessons from other enterprises that have already made this journey, says Jim Reavis, CEO of the Cloud Security Alliance.
He emphasizes that enterprises are grappling with the challenge of managing risks and data privacy in the cloud.
"The most critical challenge for CISOs has been to deal with legacy applications which are not supported by the vendors, and for this, migrating to cloud could be a solution," he says.
Among the key lessons CISOs in the region need to learn about cloud security, he says, are building cloud adoption program architecture, frameworks and business alignment.
One way to emulate leading-edge organizations is to implement cloud security intermediaries, such as Cloud Access Security Brokers, who operate on-premises, or at cloud-based security policy enforcement points, placed between cloud service consumers and providers, to combine and interject enterprise security policies as the cloud-based resources are accessed.
"The critical part is to determine risks associated with the business and third party, and be judicious in selecting a service provider and type of cloud solutions, such as SaaS or IaaS, to address from a compliance and regulatory standpoint," Reavis says.
In this interview, conducted at the RSA Conference Asia Pacific and Japan, held in Singapore, Reavis discusses how to understand cloud control metrics and build a futuristic cloud program. He offers insights on:
- The importance of gaining cloud usage experience and enhancing skills;
- Demonstrating compliance in the cloud;
- Evaluating different types of cloud offerings.
Reavis helps shape the future of information security and related technology industries as co-founder and CEO of the Cloud Security Alliance. Recently named one of the top 10 cloud computing leaders by SearchCloudComputing.com, his security trends analysis has been published and presented throughout the industry.