No Match Found
This article dives a little deeper into the new security questions and challenges that arise from introducing a modern workplace, and why it’s so important your CISO is part of the team from the beginning.
The introduction of a modern workplace solution like Microsoft’s M365 or Google Workspace will often completely disrupt your existing security and governance strategy.
There are basically two key reasons behind this.
Let's start with the latter.
Both our employees and our clients had high expectations when we started talking about a modern workplace solution. And these expectations triggered some interesting questions about how to meet these expectations in a secure way. I’m pretty sure that it won’t be any different in your company. For example, our employees had a number of expectations:
Our key priority is to secure our own and our clients’ confidential information and data. But we also want to use SaaS capabilities. How does this work with encryption? How does key management work in this context? Should we continue with container-based security or is object-based security the way to go? Maybe both?
Your responsibilities, choices and tasks when it comes to securing the use of cloud services are very dependent on the cloud service model you choose. Where IaaS is still close to traditional on-premise, the moment you start using SaaS or PaaS services everything changes.
Ordering a virtual machine at a cloud provider and installing your favourite CRM application on it is completely different from using Salesforce as your CRM. Using Microsoft’s M365 or Google Workspace can’t be compared with using desktop applications and an on-prem SharePoint server.
Your cloud computing environment experiences at a high level the same threats as your traditional data centre environment. Both environments run software, software has vulnerabilities, and adversaries try to exploit those vulnerabilities. But unlike your systems in a traditional data centre, in cloud computing responsibility for mitigating the risks that result from these software vulnerabilities is shared between the provider and you, the customer.
For that reason, you need to analyse the division of responsibilities and have trust that the provider will hold up their end of the bargain. You better shape your security and governance strategies to rely less on internal security, monitoring and control, and more on your cloud provider’s offerings.
So you have to understand exactly what these offerings are, where there are gaps, and how you integrate these offerings in your own process and application landscape. For each service you use, you will need to gain a thorough understanding of how things work in the case of
How do you or your supplier detect such events? How do you get notified? When? How can you notify your supplier if you detect it first? Who does what? How do you recover from such an event? Who is liable for what? Does your insurance cover such events?
All these questions need to be answered, documented and validated before you go live with any SaaS or PaaS service. It goes without saying that appropriate internal procedures need to be defined to address the above-mentioned incidents prior to the event.
Introducing a modern workplace has a big impact on how you do security. It therefore comes with a lot of questions that need to be answered and new services that need to be understood in detail.
That’s why it’s so important for your CISO to be involved from day one. In fact it’s best to start the discussion already today.
Henrico Dolfing, CIO at PwC Switzerland, is leading the cloud transformation at PwC Switzerland and enabling the new way of working our clients and employees expect. In a series of blogs, he reflects on our own workplace transformation journey and shares four lessons learned. For the last fifteen years he has helped C-level executives in the financial services industry with interim management and recovering troubled technology projects. Henrico has a strong technical background as a software developer and solution architect, including an MSc degree in computer science and a BEc in Economics.
If you’d like to find out more about PwC Switzerland’s experience with its own modern workplace transformation, register now for the webinar on 14 October.
Depending on the challenges you encounter on your modern workplace journey, our service map is designed to support you with specific issues assuring a smooth and compliant transition.