Information security: a continuous and participatory process

Let's be honest: information security is more than a desire or a goal. If you believe that an application, a data storage or an infrastructure are completely safe, we have to work on the idea of ​​continuity and responsibility.

Security goes beyond the structure provided by cloud computing , and must be considered a continuous work process with shared responsibility among all members of an organization.

Real examples, with financial and image impacts for large companies

We are in 2014 and the giant Sony has stolen approximately 1.5 terabytes of data, and that is to say, unpublished episodes of the Game of Thrones series and other relevant information have been filtered. How is it possible that a leak of this proportion occurs and nothing is noticed?

Yahoo suffered the hacking of a thousand million user accounts in 2013 and in June 2017, the websites of the government of four US states, New York, Maryland, Ohio and Washington, were hacked, showing anti-American messages. 

In all cases, what we have in common is the financial and image impacts of companies and institutions that are aware of the importance of information security in their business strategies and, for that reason, make large investments in state-of-the-art technology, regardless of que se en la cloud or no.

So, the question that arises is how do public organizations and private companies suffer security incidents in this proportion, despite the fact that they are aware of the subject and invest so much in protection?

Information security is a challenge and not a monster of seven heads

The great challenge of information security for companies, regardless of the size of the sector, does not depend only on the available infrastructure or that the authentication processes adopted are sufficient. All it takes is a click on an innocent email message from a well-intentioned employee to swindle years of effort and millions of dollars invested.  

Like Amazon, investments in network assets, software solutions, certifications and regulatory compliance are a priority and are offered to all of its customers, of different sizes, sectors or countries. Computing in the cloud is part of it and does not treat information security as a monster of seven heads, which is why it incorporates the challenge as a continuous and shared process.

This sharing is due to the need for everyone to do their part , in addition to all the necessary infrastructure to guarantee security, it is necessary that companies and their employees respect the policies and processes created to reduce the risk of security incidents.

In addition to prevention, it is necessary to know how to treat situations such as those described at the beginning of the article. Knowing how to recognize incidents is part of the continuous improvement process and demonstrates that companies are concerned about information security and do not make efforts to guarantee it continuously.

Get more knowledge about the security of information on the cloud through our blog and social networks. Sky.One experts and the data and information of your customers and your company.