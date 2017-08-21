The 3-step game plan to securing your journey to the cloud

At CLOUDSEC 2017, Rik Ferguson, VP Security Research of Trend Micro, and Simon Piff, vice president of IT Security Practice at IDC Asia/Pacific, share tips on how Asian businesses can harness the power of the cloud.

Businesses in Asia should take cues from gaming as the way players approach a game can be applied to the real-world to help companies harness the power of cloud computing, Rik Ferguson, VP Security Research, Trend Micro, told delegates at the CLOUDSEC 2017 in Singapore today (22 August 2017).

Similar to how players need to understand the game environment when they start a game, businesses need to first understand the market forces, technology landscape and the threat landscape affecting them as they adopt the cloud, said Ferguson.

For instance, companies moving into or are using cloud need to ensure that they are compliant to EU's General Data Protection Regulation (GDPR) when it takes effect in 2018. They should also understand that the changing threat landscape -- Trend Micro expects 'next-tier' threats such as ransomware and business email compromise to increase in magnitude in future.

Step 2: Gear up

Once that's done, businesses should then secure their journey to the cloud. Ferguson asserted that this step should not be considered as a burden or checklist, but be seen as an "enabler for organisations to run faster with confidence".

However, he reminded delegates that there is no silver bullet. Organisations thus need to be strategic and find security solutions and strategies that fit their needs.

Agreeing with him, Simon Piff, vice president of IT Security Practice, IDC Asia/Pacific, highlighted that companies need to understand their own environment in order to protect the business.

For instance, organisations need to understand what are their crown jewels (eg. core intellectual property or personable identifiable information of customers), as well as know how well-equipped they are to protect those 'treasures' from persistent threats, he added.

Only by having these knowledge will more organisations be able to take a proactive approach to cybersecurity, unlike the current state in which 84 percent of businesses in APeJ are in stage 1 and 2 of IDC's IT Security MaturityScape Benchmark Report, meaning that they are mostly reactive.

Step 3: Changing your game play

As businesses adopt cloud, employees and IT teams need to change their perception of cybersecurity.

For employees, they need to understand that security is everyone's responsibility, Ferguson stated. Piff added: "[By thinking that] it's not IT security but what IT can do to limit business risks, it engages other parts of the organisation that need to have a stake in cybersecurity."

As for IT teams, Ferguson advised them to re-evaluate 'best practices' that have been built over time. They should also "acknowledge security holes" in order to take the right steps to improve their security posture.

Meanwhile, the CEO or board needs to understand that there is no such thing as being connected and 100 percent secure, said Piff. "This drives he conversation from protection, to risk management and mitigation."

