Thirty percent of respondents in the Oracle and KPMG Cloud Threat Report stated their biggest cloud security challenge is aligning regulatory compliance requirements with their organization’s cloud strategy. On top of that, companies face an increasing number of threats every day. Limited resources and staff often leave organizations spread too thin when trying to meet their security and compliance objectives.
This week we sat down with Ted Sherrill, Senior Director of Security & Regulatory Solutions in North America at Oracle, for a Q&A about the current state of security and compliance for organizations making a transition to the cloud. Our conversation was sparked by the upcoming webcast, Oracle Adaptive Controls for Evolving Threats and Compliance Requirements, this Wednesday, May 8th. We examined some of the challenges companies face as they strive to abide by compliance requirements while continually fighting these evolving threats.
Cloud transformation has become a priority initiative for most organizations. How should IT/Security teams plan to adopt cloud services while keeping their compliance needs in mind?
Security and compliance budgets are limited and every control requires an effort to implement and sustain. Because of this, it’s important to limit the number of controls required for attaining regulatory requirements as well as meeting risk remediation objectives. Utilizing a security framework like NIST can help an organization identify which controls can be utilized from both a compliance and remediation perspective. It’s also vital to understand which of these controls can be utilized both on-premises and in various cloud environments, because if you don’t apply compliance and security in a strategic way, you may implement duplicate or unnecessary controls.
It’s been a year since GDPR took place and CCPA is just around the corner. How do you think organizations in North America will respond?
Many organizations were not subject to the GDPR due to not collecting EU resident data, such as some organizations that operate in North America only. Many of those organizations are going to be subject to the CCPA and therefore will need to attain reasonable security procedures and practices for protection of the personal data, along with attestation for what personal data they possess for a data subject and which third parties this information is sold to. The organizations that are subject to the EU GDPR have a head start on organizations that were not, but many of them are having to enhance their policies, processes and controls for the variations with CCPA. Oracle provides solutions like the Database Security Assessment Tool (DBSAT) that can assist customers with identifying where personal data resides and existing controls in place to protect it.
To hear more from Ted and learn about adaptive controls, register for the upcoming webcast, Oracle Adaptive Controls for Evolving Threats and Compliance Requirements, on May 8, and join us on Twitter to get the latest on all things Oracle Security.