Security of Cloud Solutions
How do you see cloud computing transforming your governance, and how have you embraced it?
Technology is everywhere today and is making life easier. It is imperative that we equip ourselves with the right technology to suit our requirement. Cloud computing for instance has been the buzzword these days and is proliferating across all organization. From our standpoint, we are trying to garner benefits of cloud solutions as well. We recently have opted for Microsoft’s cloud solution and are focused to provide its benefits to everyone. We aim to provide cloud-based e-mail services to all, especially those who work on field such as the sanitation workers.
Having said that the major challenge that a public organization face is safety of public data; cloud computing cannot be implemented in organizations, which store vulnerable data such as the Police Department, or a financial organization. We need to device ways to deal with the security threats that cloud solution pose.
Governments at all levels—local, state, national, and transnational— are exemplifying the benefits of becoming e-governments. What are your thoughts on getting this act right?
From the e-governance viewpoint, it is noteworthy of mention that city of Fort Lauderdale has featured in the ‘top ten list of digitalized city’. In 2015, it was ranked eighth while last year it climbed up to fourth position. Digital transformation has shaped the e-governance of the city, we have developed custom app, which enables a citizen to report incidents, seek paramedical or the emergency services through their mobile phones. E-governance here has been pretty organized and streamlined and the digital communities have voiced their opinion in its favor.
To have a fair idea of security in cloud solutions, it is important to understand the difference between vulnerability, a threat, and a risk
What is the traction for security in the midst of this digital transformation journey of an organization?
Security has become a major aspect especially after the implementation of cloud-based services. Nowadays some employees tend to bring their own device at work while others wish to work from home leaving the organization with least amount of control over their systems. Although cloud solutions are in place, however ensuring security through such platform has not yet been solidified. Presently, to nullify the security threats, we can have an in-house security team monitoring processes to avoid any breach.
What, according to you, is the distinction between vulnerability, a threat, and a risk from security standpoint?
To have a fair idea of security in cloud solutions, it is important to understand the difference between vulnerability, a threat, and a risk.
Vulnerability is a known weakness in the security of a particular application such as the security warnings or a known server issue.
A threat however is vulnerability that has spread internally or unintentionally without our notice.
I would like to define risk as the potential loss of assets resulting from a threat.
How do you create a balance between a robust data secure system and creativity of developers to introduce new features?
Security is a key aspect and after having framed a robust structure, introduction of new features will provide leeway for a security breach. To create a balance we need a certified information security officer to look from the security perspective and provide us insights. Having a security officer will bridge the gap between business and technology. It is also imperative to figure out the risk tolerance of an organization, which will help us maintain balance between security and creativity.
How do organizations, who are switching to cloud computing through vendors, create a balance between security and attaining business goals?
If any organization is switching to a cloud platform through vendors, the foremost task must be to evaluate the fine lines in the contracts in order to determine where the cloud data is being stored. It is imperative to know if the data is stored in United States or in a server outside the country, and if latter is true, then we must be aware of procedures to recover data from the cloud servers. The most important aspect, however is to assess the security aspect of the solution, organizations should have a close look from security perspective and the measures that are outlined by the vendor.
Is there any hobby or activity of yours, which has helped you in professional life?
I always have been a baseball enthusiast and have coached teams at various levels. From my coaching experience, I have learnt—‘being a people’s man is going to take you a long way’. The most important asset of an organization is its employees. In my opinion, it is crucial to treat employees well, put trust on them, and enable them to be creative. From management standpoint, it is essential that the employees aspire to do things, which in turn will benefit the organization.
With your rich experience of managing the IT organization and steering technology for your enterprise, can you please share some of the unique lessons learned and your advice for fellow CIOs?
If anyone aspires to be a CIO in a government organization, the biggest obstacle would be explaining the importance of security to elected officials. If these officials are not technology-driven, security for them would confine only to virus protection. It is imperative for a CIO working in such environment to ensure that the aspect of security is given due importance. Moreover, a CIO should monitor systems, processes, and workflows to avoid a security breach. At the same time, CIO should be ready to face security threats and device game plan to cope up with it.