Page 50 - Cyber Warnings
Top Systems Security & Compliance Essentials
By Destiny Bertucci, Head Geek, SolarWinds
As 2016 comes to a close and we look to the year ahead, one thing we can expect to remain a
constant is cybersecurity threats. Despite greater awareness, in 2017 we expect there will be
exponential increases in both the volume and visibility of data breaches, particularly for large
corporations. The next data breach or corporate hack isn’t a question of if but when.
Just a few months ago, it was announced that in 2014, Yahoo! fell victim to the biggest data
breach in history, losing nearly 500 million accounts’ worth of personal user data to attackers.
Security must become top of mind for today’s businesses, especially given the fact that the
overall landscape has become much more complex and difficult to manage.
To start – and this should come as no surprise – the growth of hybrid IT has exacerbated
security vulnerabilities. While it’s important to realize that infrastructure and/or data location
matters much less than accessibility (in fact, anything that can be externally accessed is equally
likely to be attacked), the expansion of IT beyond the traditional four walls of the data center and
into the cloud has opened an entirely new can of worms for security policies and procedures.
In simpler times, IT professionals were comforted by the knowledge that their data was on
servers securely locked away in the data center, able to be rendered inaccessible simply by
cutting the power.
Now data is hosted in the cloud, and although most public cloud providers have strong
SLAs that are compliant with stringent policies, including HIPAA, PCI DSS, FedRAMP, SOX,
and many others, the shift to the cloud has added another layer of security and monitoring
complexity.
There is also a significant skills gap to contend with, as the convergence of IT roles brought on
by hybrid IT and trends like DevOps has resulted in a dearth of security experts.
More often than not, security, rather than being treated as its own data center discipline, is
considered an afterthought. Not only do today’s IT professionals increasingly need to know a
little of everything across networks, systems, and the cloud, they are also being tasked with
managing their organization’s security measures.
Unfortunately, security is very fluid and ever-changing, and it demands constant attention. IT
professionals who already wear several hats are often not adequately equipped to successfully
defend their business from attacks.
50 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide