Digital Guardian interviewed 22 security experts on the benefits of cloud computing as it pertains to cyber security, Stronghold Cyber Security founder and CEO Jason McNew was one of them.
Cloud Computing Security Benefits: Infosec Pros Reveal the Top Benefits of the Cloud
Cloud security has been a topic of conversation in the InfoSec world since the advent of the Cloud. Initially, enterprises hesitated to adopt Cloud technology based on the perception that you can’t really secure what you don’t have direct control over. The idea of giving up “direct control” by not maintaining all company-owned data on-premise made companies uneasy.
However, the tide has turned. With the proper configurations and the appropriate security controls in place, the Cloud can now in many ways be more secure and beneficial to security teams than on-premise data centers. To find out how information security teams are reaping the benefits of the Cloud, we reached out to a panel of cloud security experts and asked them to share their opinions on the following question:
“What are the top benefits that cloud computing can bring for information security teams?”
Jason McNew previously worked for the White House Communications Agency / Camp David for 12 years, where held one of highest security clearances. He is now based in the private sector as founder and CEO of Stronghold Cyber Security. He is a veteran, holding four degrees including a Master’s in Cyber Security from Penn State.
“Cyber Security as a discipline is about managing risks to your information and your enterprise…”
For most enterprises, security is a cost center, and its application only makes sense to the extent that it reduces risk or saves money, and ideally, both. Cloud computing is an excellent security solution when used in conjunction with a formal data classification program. For example, we might employ a simple three tiered data classification strategy which divides information into three categories – Restricted Data, Private Data, and Public Data.
Based on this scheme, it is much easier to conclude what our risk tolerance for particular pieces of information is. For Public Data, cloud computing is the perfect solution, mainly due to economies of scale which offer reduced costs. Because we are dealing with Public Data, we are unconcerned with confidentiality.
When considering cloud computing for handling Private Data, a greater degree of due diligence is required. The information security team must carefully screen the cloud providers and ensure that the provider has been audited by a third party for compliance with an information security framework such as SOC 2.
Access to Restricted Data, the compromise of which can put an enterprise at great risk, should be kept to a minimum. It is inadvisable to use cloud computing for handling restricted data.
The full, unedited article can be found at https://digitalguardian.com/blog/cloud-computing-security-benefits