Chances are if you are reading this article, you have already moved some, or perhaps most, of your IT infrastructure to the cloud. While most organizations spend lots of time, energy and money developing strategies for integrating their important data and workflow to the cloud, they usually don’t worry about security and risk management strategies until after the migration. In fact, many organizations assume that it’s okay to maintain their existing strategy they were using before the move.
WELCOME TO OUR BLOG
Many IT decision makers look at assets as hardware, but really they should consider why they have the hardware in the first place.
These decision makers remember the very significant investments they made in servers, PCs, firewalls, and so on in order to deploy that new CRM or Electronic Medical Records System. They think of the tens of thousands of dollars they spent just to get their system functional. It’s understandable then that the memory of this investment makes many decision makers forget why they invest in these systems in the first place, which is to gather and manipulate data for critical organizational functions. So the real asset they are protecting is that data.
Much of my time spent working is focused on performing technology assessments against some kind of baseline. Most of the time, these are specific government or industry standards like HIPAA, NIST, ISO and PCI. But when some of my clients reach out to me about evaluating their environment in light of these standards, it’s often done out of a feeling of obligation in which they are reacting to some kind of demand from whoever is overseeing their work.