enterprisesecuritymag

Hybrid Workspace: A Boon or Bane?

By Greg Becker, President & CEO, Silicon Valley Bank

Most organizations have been adopting cloud-based architectures such as Software-as-a- Service (SaaS) to upgrade their workplace learning and development programs. That is owed to the cloud environment’s ability to foster communication and sharing of information more easily within an enterprise. If someone is working on a project that is spread across different locations, they can use cloud computing to allow employees, contractors, and third parties to access the same set of data. Since the entire business model is based on providing IT resources, cloud providers can afford to hire and retain the industry’s finest skill-sets. However, it is not rare to see organizations spending large sums on IT infrastructure, yet unable to derive benefits of the same due to lack of skilled resources.

"Technology will support this whole new environment of hybrid workspace but also the people and process need to co-exist with it"

Streamlining Risk Management

Some of the formidable hurdles plaguing the enterprise landscape are associated with data protection. Misuse of account privileges, identity theft arising from a phishing campaign, information leak as a result of oversight, and other social engineering attacks compromising user account data account are some of the biggest security problems in the current day and age. And, these unresolved problems create exploitable loopholes for attackers to breach the security infrastructure to steal data or cause havoc. Therefore, it is evident that one would end up having problems due to technical inadequacies. To overcome these issues, technologies such as SOAR (Security Orchestration, Automation, and Response) can provide the support and the means to actuate risk management processes. SOAR is a solution stack used to improve the efficiency of digital security operations, not just by detecting security threats but also responding to low-level security events within our environment, without human assistance. We have gone down the path of reducing the number of financial overheads that were required to manage a multitude of solution sets, omitting out the chances of human error by implementing them within our security and IT infrastructure, such that the outcomes are more reliable and efficient.

Administering cloud technology in the workplace

Another noticeable trend is the popularity of hybrid cloud applications that are being adopted by organizations, including our own; we have a combination of public and private cloud in our premises that suffice varied use cases. The introduction of cloud-based platforms like Exchange Web Service (EWS), Microsoft Azure, and Google Cloud has challenged the traditional environment and the perimeter that people have relied on in the past. Today, SaaS platforms are generally adopted by companies that want to benefit from enterprise applications without the need to maintain and update relevant physical infrastructures and components.

Upcoming projects involving DevOps

There is a myriad of processes going on right now, but the most significant one is migrating our existing infrastructure into defined data centres, storages, and networks. We are using orchestration and automation platforms that allow us to provision either private or public cloud with a robust information governance module. The next revolutionary phase of virtual machines is containerization. Virtual machines emulate hardware components to share computing resources, thereby running multiple applications or operating systems on a single physical server or distributing an application across multiple physical machines remotely. Containers, on the other hand, are more lightweight and packaged with all runtime components such as files and libraries, but they do not include the whole operating systems. Container-based technology allows our workload to be provisioned either on-premise or in the cloud, using DevOps. The DevOps methodology is the practice of operations team and the development team participating together in the entire service lifecycle of a project, from design through the development stages. One of the advantages of DevOps is that it does not require substantial technical changes to be enforced on the two teams. Currently, we are utilizing Openshift, Amazon Web Service (AWS), Terraform and similar technologies that allow us to work across all those different platforms, all the while abiding by the DevOps philosophy.

A word of advice

The most important thing for people is to take a balanced approach when it comes to the application of technology. Yes, one can focus on a solution but might find that they do not possess the apt skill-set required to utilize it. So, they might not end up getting all of the benefits out of that solution in return. Both people and the process must be governed consistently to solve security requirements, and one must proceed holistically to protect the company from fraud, error, and breaches with advanced practice controls and latest audit rules to minimize false positives. Technology will support this whole new environment; but also the people and processes need to synchronize with this environment to ensure that beneficiaries reap the rewards out of those solutions.

Read Also

Enterprise Risk Management and Cyber Security

Enterprise Risk Management and Cyber Security

Monica Khurana, CIO, RS Investments
The Importance of Quantifying Risk

The Importance of Quantifying Risk

Jamie Samans, Director, Information Systems Security at American Institutes for Research
When is The Right Time to Evaluate My Information Security Risk Strategy?

When is The Right Time to Evaluate My Information Security Risk Strategy?

Gary Sheehan, Director - Information Security at Elon University
A New Framework in Risk Management

A New Framework in Risk Management

Kevin Richards, Managing Director, Global Head, Marsh & McLennan Companies (NYSE: MMC)

Weekly Brief