CIO Straight Talk - Issue 11 - 12

Managing
Security and Risk
Data privacy, security, and risk management are

up the environment to the world. Enterprises should

always top of mind for CIOs - and will be important

be aware of such public cloud functionalities that may

considerations as they increase their use of public

violate corporate security policies, Dutta says, and be

cloud resources.

able to detect and remediate for such violations if they
were to occur.

"One of the key learnings of cloud migration is that
you are not outsourcing your security model to a

Yuri Misnik, Executive General Manager and CIO at

cloud provider," says Rob Krugman, Chief Digital

the National Australia Bank, agrees that security

Officer for Broadridge Financial Solutions. "While

and data protection are top of mind. His cloud-first

the cloud provider may be responsible for physical

organization is piggybacking on the investments

security, you are entirely responsible for securing

its major cloud partners are making in this area to

your services and environment to ensure your

deliver better and more efficient security tools.

solutions are running properly."
One challenge is extending an organization's own
security policies, controls and postures to the public
cloud platforms. "How do you take all of that and fit it
for use in the public cloud, enforce it, and monitor for
violations?" says Partha Dutta, Head of Cloud Services
and Security Architecture for Veritas Technologies.
"To extend the security perimeter of your on-premises
and data centers into the public clouds, you have
to build your own security stack, integrating with

"HOW DO YOU TAKE ALL OF
THAT AND FIT IT FOR USE IN THE
PUBLIC CLOUD, ENFORCE IT, AND
MONITOR FOR VIOLATIONS?"
PARTHA DUTTA
HEAD OF CLOUD SERVICES
AND SECURITY ARCHITECTURE
VERITAS TECHNOLOGIES

vendor products where available, depending on your
workloads." Because each vendor's product works in
a functional silo, providing solutions for only a sliver of
the security pie, it is up to the enterprise to solve for

Another concern is the concentration of risk. "Australia

the overall security pie, addressing threats through an

has four major banks with nearly 90 percent of the

end-to-end lens, Dutta says.

market. If all use AWS [Amazon Web Services] in
Australia, that's a systemic risk," Misnik says. "We have

Another issue is that each public cloud platform is

to think about how we address that, probably through

a bit different, and significantly different from data

the use of multiple cloud providers."

center models. "In a true hybrid environment, you

12

should be able to use and secure enterprise workloads

Guardian Life Insurance EVP, CIO, and Head of

in multiple clouds - from Amazon, from Google, from

Enterprise Shared Services Dean Del Vecchio

Microsoft - as in your data center," says Dutta. "But

says the company's primary cloud partner, AWS,

securing public clouds requires a knowledge base

has helped the company enhance security and

about each of them, as well an understanding of

compliance. However, the insurance company is

how the security models of public clouds differ from

assessing the need for cloud data bunkers in the

those of your data center." For example, the agility

future. "As we get more mature and go further down

and flexibility of public clouds - the programmability

this road, we'll explore things like that which add a

nature of infrastructure as a code - could easily open

third layer of resiliency, he says."
CIO Straight Talk - Issue 11

Table of Contents for the Digital Edition of CIO Straight Talk - Issue 11
