HR and IT – How Data Security Can Make for Strange Bedfellows
Yes, you read my lead correctly. I am going to talk about how HR and IT can team up to improve Network Security in the Cloud. So bear with me…
Recently we posted on The Cloud and Liability issues. The Cloud – as ingenious a solution as it is for information obtainability and computing flexibility – also eliminates most of your control over who can access your organization’s most valuable asset: your data.
Think about it. The cloud presents an ever-changing, externally determined chain of custody for sensitive data and applications. For many business functions commonly run in the cloud, such as hosting websites and wikis, it is often sufficient to have a cloud provider vouch for the security of the underlying infrastructure. However, for business-critical processes and sensitive data, it is absolutely essential for organizations to be able to verify for themselves that the underlying cloud infrastructure is secure. The cloud can drastically compromise confidentiality if your provider can’t guarantee the integrity of the people manning your property.
The Cloud brings up a basic question: How much do you trust your Cloud provider’s HR department?
What are the IT employee hiring protocols or security checks employed by your cloud provider? The lack of visibility into the hiring standards and practices for cloud employees and a general lack of transparency into provider processes and procedures, such as how its employees are granted access to physical and virtual assets, make preventing data theft a potential nightmare. Depending on the level of access granted, a malicious outside-insider may be able to harvest your organization’s confidential data or even gain control of the entire infrastructure with little or no risk of detection.
But we don’t think that security concerns should be an absolute barrier to the adoption of Cloud computing technologies. What we do think is that organizations are right to consider the implications of the Cloud – and demand visibility into their suppliers’ technology and processes to ensure the appropriate level of administrative privileges for better information protection.
Perhaps it’s time to ‘geek up’ HR. For example, Application and Privilege controls can provide HR visibility into how businesses and individuals access and manage applications. With HR and IT in concert on privileged user parameters and administrative rights, policy enforcement can become more distributed and effective.
Security is an on-going, collaborative process. Constant review of both policy and technology is necessary to safeguard corporate networks. And although you can never eliminate risk completely, when you improve relations between HR and IT, so that policy and technology go hand in hand, an organization’s security becomes a great deal tighter. Check out our latest cloud security whitepaper.