(Cloud) Access Risks

Classical IT-Security is centered around the assets governed by the IT organization, and therefore in reality information security and IT security are used to describe that same thing. Protecting the assets of the IT organization is good, but at the end the real value of security is to protect the assets that are important for the overall organization. This becomes obvious when IT services more and more move into the Cloud, and users more and more bring their own devices to work with. Who will stay in the security game thus needs to switch from protecting IT assets to protecting Information Assets which are critical to the organization.

This presentation will give an overview on how to move from IT and System Security to Information Security.

Today’s cloud architecture increases the risk of access to a company’s critical data, such as intellectual property, personal privacy information, cardholder data, health information, financial data, etc. As a result, companies are asking themselves how do they ensure that their organization's most critical information is in the hands of the right individuals and that they're doing the right things with it?

During this panel session, we’ll outline what organizations need to do to identify, quantify, and manage the risk of information access in the cloud environment. We’ll discuss how companies need to determine what information presents the greatest risk and what access issues are the source of this risk. Next, learn how to present this information to your business colleagues in terms they understand, so that they know how this impacts the business. They must be able to translate this risk into underlying security issues and deconstruct the elements to identify the source of the risk and determine how to manage it. Simply identifying and quantifying the risk is not enough if you can't explain how to remediate and manage the risk. We’ll also explore the access assurance steps and automation needed to increase access controls to prevent future occurrences.

After this session, attendees will be able to:

• define the practical steps needed to identify, quantify, and manage the risk associated with access in the cloud;
• identify cloud access policies, the detective controls to continuously monitor risk and its source, the ability to remediate problems, and the preventative controls to better control risk moving forward;
• analyze the elements of access risk and summarize why this should be among the top areas of concern for security professionals;
• discuss how to effectively communicate access risk to business without slowing the business drivers of cloud migration; and
• describe how to partner with business, audit, security, and cloud providers to create an effective cloud access assurance strategy.