
Security planning to transform business operations on Cloud – Postpandemic

Abstract

The objective of the session is to give the audience a panoramic view of the risk landscape that businesses need to consider when planning to quickly migrate all or part of their operations from an on-premise or managed-services model to Cloud platforms in the post-Covid situation. As businesses strive to achieve resiliency and security in their post-pandemic operations by transforming into Cloud-enabled businesses, the session covers what level of security planning and risk profiling they need to conduct before engaging with a CSP and what needs to be agreed upon in the contract.

The session will speak in depth about three different areas:

(1) Assessing the risks and putting a pragmatic plan in place: This part covers conducting a feasibility and due diligence study of which data and operations can be shifted to Cloud, and gauging the risk landscape during and after migration. It includes factoring in geographic and regulatory requirements. An implementable and measurable plan, with identified risks as well as mitigation measures, will be discussed here.

(2) Knowing what you are responsible and accountable for: While the infrastructure, databases, storage, middleware or even applications can be leveraged or rented from the CSP, accountability still remains with the business. This can be addressed by clearly identifying how security and risk management roles and responsibilities are shared between the CSP and the business (the Cloud consumer). We will discuss the “Shared Responsibility Model” here.

(3) Transparent and agreed-upon contractual clauses: Finally, this section discusses articulating security SLAs that set out the agreed-upon governance and reporting. This includes areas like logging and monitoring, privileged access management, incident reporting, regulatory reporting, right to audit, backup and availability, and so on.

Expected outcomes (what will the student be enabled to do?): This will enable students to understand how to advise Clients on conducting a post-pandemic due diligence assessment and to provide recommendations on forming an effective, risk-centric contract with a CSP.

Speaker Bio

BIO – Sabitri Chakraborty – Sabitri is currently working as a Senior Managing Consultant in IBM Security Services, India. She has more than one and a half decades of experience in Information Security & Risk consulting. She has rich consulting experience and has helped numerous Clients across major Industry verticals in different parts of the globe, including Europe, America and ANZ. She has helped businesses assess their information risk exposure and enhance their security maturity in line with business requirements and Industry standards. Sabitri has been part of consulting teams for clients adopting Cloud in various capacities, and has been part of the changing cloud security landscape in an advisory capacity. Sabitri is currently part of the Cloud Security Strategy consulting team and leads engagements.