Cloud computing has reached the boardroom, so what is topical to that conversation? Can you boil it down to the things that are important?
It is now 12 years since I was on the leadership team of a small Microsoft ISV Gold partner business that took a bet and built a subscription service (today that would be in the category of SaaS) to allow paperless trading between counterparties in a supply chain. Back then security was not spoken about; how things have moved on.
There are countless people reporting about the cloud, and in my role as Deputy Chair at Cloud Industry Forum I keep watch on LinkedIn, Twitter and other channels for news.
I particularly liked this end-of-year report from North Bridge as it shows what ranks as important in the decision to use the cloud.
Oh Oh Security
This is persistent and the conversation has more than one aspect. Most technologists jump to talking about ‘how to’ deal with security; that threat is constantly evolving and cyber risk is now in everyday language. The conversation at the board meeting is not about technology but rather about risk and the consequences of a lapse in security. Then there is the balancing act of allocating resources to combat the risk when that risk is not really understood – are you 100% certain your systems and data have not already been compromised?
Cyber risk and risk management
This section is credited to The Institute of Risk Management.
The risks and opportunities which digital technologies, devices and media bring us are manifest. Cyber risk is never a matter purely for the IT team, although they clearly play a vital role. An organisation’s risk management function needs a thorough understanding of the constantly evolving risks as well as the practical tools and techniques available to address them.
What do we mean by cyber risk?
‘Cyber risk’ means any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems.
It will never happen to us….
All types and sizes of organisations are at risk, not only the financial services firms, defence organisations and high profile names which make the headlines.
FT–ICSA Boardroom Bellwether Survey, published in December 2016.
Cyber risk is the risk that the highest number of people (80%) consider to be increasing, followed by social media risk (52%) and reputational risk (51%).
I promote the idea that the security conversation needs a baseline. That baseline is a statement of a known position, much as a doctor would assess your health by measuring height, weight, waist and blood pressure and then, based on that preliminary assessment, consider more detailed and expensive assessment, e.g. ECG, MRI.
How do you start the preliminary assessment of security in your own time and without cost? Sound too good to be true? Your taxes have already paid for it, as the EU has funded WISER.
Wide-Impact cyber SEcurity Risk framework
Be wise and use WISER
Conduct your own security evaluation when you click here