Defining Organizational Cloud Security Responsibilities

To be effective, security and compliance teams must align with business goals and objectives, and they must not be a bottleneck to productivity.

Beyond the Shared Responsibility Model, it’s important to define individual responsibilities for cloud security within your organization and ensure everyone knows what is required. It’s not enough—and even a bit of a cliché—to simply say, “Security is everyone’s responsibility.”

Executive leadership teams must sponsor cloud security efforts. In today’s regulatory landscape, executive sponsorship is practically mandated. The potential financial impact of regulatory noncompliance on a business can be as devastating as (or worse than) a data breach itself. Beyond the financial penalties, many regulations carry criminal penalties for business executives and other fiduciaries of a business.

Executives must lead by example. If corporate policy requires corporate data on mobile devices to be encrypted and access to SaaS applications to use multi-factor authentication (MFA), then “one-off” exceptions shouldn’t be made for executives. Beyond leading by example, executives need to ensure that security and compliance initiatives have the appropriate support and resources, and that the impact of strategic business decisions on the overall security and compliance posture of the organization is always considered.

Security and compliance teams must define and enforce appropriate policies that securely enable the business. To be effective, security and compliance teams must understand and align with business goals and objectives, and they must not be a bottleneck to productivity and efficiency.

Line-of-business managers have a responsibility to ensure that the organization’s cloud security and compliance governance is understood and adhered to within their respective areas of the business. As business needs evolve, line-of-business managers should partner with security teams to evaluate the risk versus return of adopting new tools. Circumventing a security policy, such as a requirement to use only sanctioned SaaS applications, to achieve a short-term business objective or productivity goal should never be acceptable. Instead, the security tools should adapt to the business need and drive the desired user behavior.

Working with security and compliance teams also helps to ensure that individual lines of business are able to take advantage of any current relationships the organization may have with vendors or cloud providers to procure services more economically and get support quickly when it’s needed, instead of operating in a vacuum with siloed cloud technologies and products.

DevOps teams are under constant pressure to deliver software projects and updates quickly and reduce time to market. To meet these demands, security requirements must be defined and understood at the beginning of any project and, ideally, integrated into the application delivery workflow. In this way, development teams can continue moving forward without frequently having to stop and reset to address security vulnerabilities and compliance violations.

Individual end users have a responsibility to follow corporate governance with respect to cloud security and compliance. They must understand the inherent risks in the cloud and safeguard the data to which they have been entrusted as if it were their own personal data.

 

© 2021 Palo Alto Networks, Inc. All rights reserved.