Corporate Compliance Insights

Cloud Security Isn’t Just on Your Provider; It’s Your Job, Too

5 tips for keeping cybersecurity practices in check

by Wolters Kluwer
March 1, 2023
in Cybersecurity

Organizations want to embrace all the benefits the cloud has to offer while still protecting their sensitive data. Engaging a cloud provider who practices security by design is a good first step, but it’s far from the only one. Greg Tatham and Anthony Oliveri from Wolters Kluwer share their insights.

Cloud-enabled computing has emerged as an appealing alternative for organizations looking to move away from the considerable expense of internal infrastructure and hardware that would be otherwise necessary to store data or run mission-critical applications. It’s also abundantly clear that cybersecurity is an integral component of keeping those solutions safe and viable.

But what may be slightly more difficult to describe in any certain terms is where the lion’s share of the responsibility lies for upholding that cybersecurity: Is it with the cloud solution provider? The corporation’s IT department? Individual users? 

The short answer is probably all of the above. The longer answer is it’s a nuanced combination of technical design and institutional practices that can never be fully separated without jeopardizing an organization’s cyber health.

Here are five tips for ensuring that your organization is upholding its cybersecurity obligations.

Talk to your provider, but work internally, too

It’s true that all cybersecurity — or at least good cybersecurity — is a collaboration between you and your provider. While your cloud service provider absolutely holds a large share of the responsibility for protecting your data, you’ll need to carry some of that weight, too. All of that will be much easier if you know where their domain ends and yours begins.

A healthy business is an evolving organism, and your cybersecurity posture will need to account for each new growth spurt. And since a vendor can’t be expected to account for each personnel change a company undergoes over the course of its lifetime, it will largely fall to your organization’s IT team to stay on top of tasks like removing the user credentials of a departing employee or regulating access to sensitive data based on changing job roles.

It’s also not a bad idea to put other regular precautions in place to help eliminate human and technological weaknesses that pose a challenge to information security. Your cloud service vendor will have ideally addressed any internal software application vulnerabilities as part of their regular software development lifecycle, which should feature robust secure-by-design principles aimed at mitigating risk.

Regular stress tests can help an organization’s cybersecurity team detect or even predict potential threats before they manifest. Growing a culture of continuous employee learning around cybersecurity best practices and habits can also help well-intentioned employees avoid making costly mistakes.

Remember that compliance and cybersecurity walk hand-in-hand

Yes, a cloud service provider should be building the appropriate cybersecurity precautions into their products from the ground up. But the users of those solutions are under greater pressure than ever before to ensure that they are putting measures in place to maintain data safety, while also abiding by the mandates of an ever-expanding regulatory landscape. Accordingly, it’s a concern that has pushed its way into the upper echelons of senior executives and corporate boards.

The global patchwork of privacy and information security regulations is extensive, varied and potentially very expensive if organizations fail to take the proper steps to safeguard any sensitive or personal information in their care. While the particulars may vary from jurisdiction to jurisdiction, privacy-centric regulations generally place a great deal of emphasis on the ways that organizations process any personal data they collect, as well as the implementation of adequate security measures.

More often than not, the cost of a data breach or other failure to meet those requirements extends beyond dollars and cents. Consumers have become increasingly vigilant about the way that businesses or other organizations collect and use their data — and a breach of that trust can damage relationships with clients and partners alike.

Make security invincible, yet invisible

It’s a catch-22. An organization’s cybersecurity posture must be as robust and impenetrable as possible — without inhibiting employee productivity or operations in general. One of the simplest and most effective ways for businesses to walk that tightrope is by streamlining access to sensitive data — or applications containing sensitive data — by job role. In other words, only the people who absolutely need access to those systems are provided with the credentials.

Meanwhile, companies that are debating the creation of their own cloud-based services or applications should consider embracing a “shift left” approach. In practice, this simply means integrating cybersecurity testing procedures into the earliest stages of the technology development process in order to detect any potential vulnerabilities as swiftly as possible — the very definition of secure-by-design products.

Make room for CISOs and CIOs at the executive table

If responsibility for cloud cybersecurity can’t be limited to one vendor, then it definitely shouldn’t be restricted to an organization’s IT department, either. Maintaining cybersecurity requires companies to make ongoing investments in infrastructure, training and employee engagement. Facilitating those resources necessitates buy-in at the highest levels from executive teams and board members.

Placing chief information officers (CIOs) and chief information security officers (CISOs) regularly within arm’s length of those most prominent of stakeholders helps to ensure that there are informed voices at the table who can eloquently — and authoritatively — speak to some of the cybersecurity demands facing the organization. This will become increasingly essential as businesses continue to try to reap the cost savings and efficiencies that come with digitizing their operations and workflows. Opportunities for improvement abound, but the larger a company’s digital footprint becomes, the greater the demand on cybersecurity.

Lead by example

It’s a company’s executives who set the culture of the organization, not its cloud provider. And culture is the most fundamental component toward ensuring strong cloud security.

The fastest way to secure employee buy-in around cybersecurity best practices is for corporate leadership to communicate — not only in words but in action — that superior data hygiene is a priority. That means walking the talk, whether it’s prioritizing multifactor authentication and devising increasingly strong passwords or proactive measures like drafting regular communications reiterating to employees how essential cybersecurity remains to the overall health of the business.

Cloud-based solutions can be an invaluable addition to an organization’s technology stack, fostering new efficiencies, reducing the expenses — and real estate — consumed by servers or other hardware, and providing critical protection for sensitive data. However, optimum cybersecurity will never be achieved by technology alone, no matter how sophisticated the product may be. Organizations must encourage leadership and employees from all walks of the corporate ecosystem to take responsibility for ensuring that the organization’s data remains secure.

Greg Tatham is senior vice president and CTO of platform technology at Wolters Kluwer, where he focuses on the development and operations of innovative and extensible platforms to enable global business units to deliver a wide breadth of customer products.

Anthony Oliveri is vice president of product software engineering at Wolters Kluwer and has extensive experience in guiding the development of complex software systems using leading edge technology.

Tags: Cloud Compliance
Wolters Kluwer

Wolters Kluwer is a global information, software and service provider for the healthcare, tax and accounting, governance, risk and compliance, and legal and regulatory sectors. The group serves customers in over 180 countries, maintains operations in over 40 countries and employs approximately 20,000 people worldwide.
