Friday, March 5, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Cybersecurity

Workloads Are the New Atomic Unit on IT Landscape

The Cloud Transformation and the De-Emphasis of Servers

by Robert Clyde
May 22, 2017
in Cybersecurity, Data Privacy
view of server room under dim lights

The Cloud Transformation and the De-Emphasis of Servers

Enterprises’ move to the cloud brings the potential for improved security and reliability, but it also can cause unease for some IT professionals who are accustomed to operating servers. Effective workload security can provide the foundation for successful cloud transformation.

Servers have long been considered the foundational element of IT.

IT pros are used to operating and maintaining servers. In many cases, their professional identity is strongly linked to their server expertise.

As technology evolves, though, it is time for IT professionals who retain a server-hugging mindset to accept and embrace the new reality. To borrow a phrase from Fred Kost of HyTrust, workloads are the new atomic unit of IT. Workloads have the computing, software, data and networking capabilities necessary to perform a desired function.

This cloud-driven evolution can be unsettling for some IT professionals who are much more comfortable knowing where systems are running. While cloud adoption has been rising – the global public cloud market will be US $146 billion in 2017, up from $87 billion in 2015, according to Forrester [1] – that old-school mentality, combined with a variety of privacy and regulatory challenges, has given some organizations pause about retooling their IT infrastructure.

With few exceptions, enterprises with less than 1,000 employees that are not seriously considering moving 100 percent of their operation to public cloud are missing the mark. Major cloud providers are equipped to provide a level of reliability, security and business continuity with which smaller companies are unable to compete.

Workload security is the key element in the cloud transformation. It can eliminate privileged account misuse, halt data breaches, remove costly infrastructure gaps and stop accidental downtime. The privileged user component can have an especially profound impact. Without the proper workload security, privileged users have the ability to move workloads around or even delete thousands of them in one fell swoop. A bank that would not permit an individual admin to write a $100 check could allow that same person to essentially topple the bank’s production systems in a matter of seconds, highlighting the need for sound administrative controls – such as the ones determined by following the COBIT framework – to be in place.

Containers – rapidly becoming the new normal – will be key to how these workloads function. Containerization is becoming popular among developers and data centers as a method to separate an application from the operating system and the physical infrastructure that it uses to connect to the network. Containers have similarities to virtual machines but do not each contain a copy of the operation like a virtual machine does. This means they can be started and stopped much more quickly than virtual machines. Containers often exist for short durations, sometimes seconds, and like virtual machines, they move around.

Once enterprises opt to move to cloud, there are important decisions to make, such as which type of cloud provider – public, private, hybrid, multicloud – best fits the organization’s needs. It may not be easy to migrate an enterprise’s data from one provider to another, so organizations should be careful to avoid becoming locked into a vendor that is not the right fit.

It is also necessary to understand where the service provider’s responsibility ends and the enterprise’s responsibility begins relative to security and reliability. Details such as agreeing on the notification and severity level for incident management and understanding how business continuity and disaster recovery plans align must be clearly defined.

Another critical choice is who controls and manages the encryption keys. At first blush, many would think the company, not the cloud provider, should own the keys. Not so fast. What’s a more likely risk – that a seasoned cloud provider managing the keys will fail to safeguard the data and the keys, or that the enterprise will lose its keys and be unable to access its data? For many small businesses, the better option might be to let the cloud provider manage the keys. Larger organizations with strong key management capabilities are likely to want control over the keys.

Moving to the cloud can improve an enterprise’s IT efficiency and security, but the decision must be made thoughtfully. We’re rapidly moving toward an IT landscape that will be reliant on continuous security monitoring and continuous auditing – and all of that automated. The roles of technology professionals will continue drifting away from maintaining servers and toward ensuring the automation is functioning correctly.

[1] Forrester, Predictions 2017: Customer-Obsessed Enterprises Launch Cloud’s Second Decade, November 2016


Tags: automationCloud Compliancemonitoring
Previous Post

The Case for Compliance Automation

Next Post

Insights from the Global Fraud & Risk Report

Robert Clyde

Related Posts

Illustration representing a facial recognition technology scan of a face.

Facial Recognition Technology in the Workplace: Employers Use It, Workers Hate It, Regulation Is Coming for It

March 3, 2021
finger breaking digital padlock

SOC 2 Compliance: Why You Should Care

February 19, 2021
side view of earth with network concept

A Boom in Privacy Regs Complicates Compliance

February 10, 2021
phishing concept: fish hook with security locks on white background

New Threat Jeopardizes GDPR Compliance

February 8, 2021
Next Post
waves of data on black background

Insights from the Global Fraud & Risk Report

OneTrust offers download to demonstrate privacy management leadership
Access realtime data
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence ESG fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights