As many of us grew up, our parents told us, being proactive will save you time. If you were in Boy Scouts, you lived each day to “be prepared”. However, in more recent years, some great examples I tend to cite again and again as I talk about organizational risk and security.
Sitting from his chair in the Cal Fire offices, while being filmed for a Netflix docuseries on the California wildfires, Ken Pimlott, retired Director at CAL FIRE, said “Everyone focuses on the response part. The fire that never started will always cost less on so many levels.”. While I am no firefighter, all of us in security often compare ourselves to either being a builder, or a firefighter because that is simply what we do each day. We make a conscious decision if we are going to make investments that allow us to step away from being a firefighter and do more proactive and constructive things with our time and break the cycle of constantly fighting fires. The idea isn’t to have a successful engagement when we are called to the fire and defend. It is to make sure we are never called. This requires up front investment, planning, and a new look into processes and people.
In October of 2018, we all watched in horror as Hurricane Michael came to shore as one of the most intense storms recorded in the history of the Florida Panhandle causing at least $25.1 billion (USD) 1 in damages, and 72 deaths. As the storm passed, and the pictures emerged, there was a scene of flattened beachfront communities and homes, except for one single home. A home with seemingly little to no damage to it. Barely even a mark. In fact, within days, the homeowner, Russell King, and his nephew Dr Lebron Lackey, whom helped him build the home, had the home available for rental again. How was this possible? This simply was an example of preparation. Mr. King and Dr. Lackey both built this home to survive this exact type of storm with 40 ft pilings, they chose concrete board, ballistic glass windows, and hurricane proof roofing and decking. They chose weather proof electricals and utilities. One interview quoted them as stating this was only about a 20% increase over the original price but allowed them to continue renting out days after the event, while miles around them, will be unable to build for months, if not longer. Easily covering the up-front investment.
These stories in up front investment have real-world applications in what we re dealing with in our own IT Security environments. When we invest in effective defensive planning, we don’t have to be fire-fighters. When we invest in vault-like environments to protect our most sensitive IP, we don’t risk the downtime in our business operations when we see competitors being taken out. This is all about business continuity when cyber-attacks continue to increase the point of risk for our organizations.
Assisting any builder in the construction of a weather proof home, or a fire chief in developing a battle plan is a risk prevention plan that looks ahead at measures that can be taken 12 months or more in advance to ensure that the defensive postures never need to be taken, that repairs never need to be made. It is with this same intent that Oracle and KPMG once again have joined forces this month to release the Oracle and KPMG Cloud Threat Report 2019 takes a detailed look at organizations that are investing in a hybrid cloud strategy, or actively planning to lift and shift their workloads to the cloud. This report takes a detailed look at the steps organizations are taking along this cloud journey, the challenges they are experiencing, and what results yield the most positive impacts in reducing risk and exposing the organizational data to threats.
More and more organizations are using business-critical services than ever before and with this, it is more important than ever before to implement overlapping security controls that includes people, process and technologies, according to this year’s report, to ensure a more secure hybrid cloud journey, and to ensure our staff can spend more time enjoying the business, not fighting fires.
For more information on this year’s report, visit us at the Oracle and KPMG Cloud Threat Report 2019 page.