October 31, 2023
How can companies prepare for an outage at a major cloud service or cloud infrastructure provider? Public cloud outages are getting worse, and any outage can be costly and highly damaging for your company. Yet, the cost and difficulty of building a resilient infrastructure can be just as daunting.
In this archived keynote session, Sherelle Moore, Owner and CEO of Cyion Cyber, and Vince Hwang, Senior Director for Products and Solutions of Cloud Security at Fortinet, reveal the best cloud crisis management solutions and how to prepare now for the inevitable and rebound more quickly.
This segment was part of our live “Cloud Crisis Management” webinar. The event was presented by InformationWeek and sponsored by Fortinet on October 17, 2023.
View the archived “Cloud Crisis Management” live webinar on-demand here.
A transcript of the video follows below. Minor edits have been made for clarity.
Sherelle Moore: So, we have here, the seven stages of cloud crisis management. We know that we need to assess risk all the time. That's pretty much the beginning of identifying what your major key players are, and where you get your most important information. What is the risk if that information or data was compromised? Then, you'll move into the planning phase.
Identify your crisis leadership team. Who are going to be your key soldiers in the event of a cloud management incident within your organization? So, you'll want to start with security operations, executive leadership, and legal teams. You'll also want to identify that crisis management team. Who will be the key player relaying that information to and from the audience, and key stakeholders?
Again, we have this nice plan, and I'll explain to you why I have plans in here all the time. And then, you want to also determine your business impact. This also goes hand in hand with assessing the risk regarding the potential impact on the business and how it impacts the organization in the event of a crisis.
Then, you’ll want to plan and identify a cloud provider that can help store your information in the case of a crisis. They'll help put your major incident management plan in place to make sure that you have business continuity, and disaster recovery efforts are in place to aid that. And then you have the response time. These plans should be implemented based on the risk assessment.
You must review and update those plans annually and securely, and any organizational changes such as a new cloud provider, should be documented. I have plans all over the place because you want to continue to plan throughout your operations. There is a famous quote that I learned, 'If you fail to plan, then you plan to fail.' So, that is why we always continue planning when it comes to preparing for any cyber crisis.
On this slide here, we're talking about cloud crisis management and major incidents. In conjunction with the previous slide, it is extremely important to communicate to ensure that information flows from the top down and from the ground up when we have any incidents at our organization. We want to start our communication from the first from the first sign of any incident that happened within the cloud environment.
That allows accurate information flow, and it outlines all concerns to minimize any possible confusion that can happen. And then we'll move on to communications and coordination. Ensure that all business functions are aligned with resources allocated efficiently. It allows for prioritization and the duplication of efforts optimizes response times and efforts. So, collaboration goes hand in hand with communication.
As a team, we want to always collaborate efficiently to ensure accurate information that flows properly. Including all key stakeholders on the communication chain promotes knowledge sharing across teams. Security operations teams, network teams, data or backup teams, storage, or server teams -- everyone is communicating and collaborating in the event of a major incident in your cloud environment.
Putting information in the cloud ensures business continuity, scalability, scalability, data availability, faster deployments, and it also helps your organization achieve both security and compliance.
Vince Hwang: Thanks so much Sherelle. Hi, everyone. This is Vince Hwang here, Senior Director for Products and Solutions of Cloud Security at Fortinet. So, what I want to talk to you about is built upon what Sherelle just talked about in terms of the Five Ps of crisis management. We should also think about what I would like to introduce as the 'sixth p' in product management.
What is that? That's procurement -- you can plan, you can protect, you can do a lot of things, but sometimes most of the planning goes to pre-planning. Thinking about it from a pure procurement and planning perspective makes a lot of sense. Because sometimes, no matter how you do things and how technical things are, the speed of recovery also relies on the ability to have the right solutions and tools at hand.
But there's a bit of balance that you must think about. When you think about cloud, many CIOs, CFOs, and CEOs today -- particularly the CFO is now part of that story, they come in and want to be involved, because cloud costs can add up. When you're in crisis management, and you're thinking about a crisis, there's a balance point between investing ahead and not investing ahead.
What is the consequence of that? On top of already insurmountable cloud costs to some CEOs, right? So, when you have the right procurement strategy in place, you can really help the speed of recovery and crisis mitigation. So, let's talk a little bit about why and I'll give you two scenarios.
Why procurement? Surprises can happen on a normal day, such as outages and disasters. You could be utilizing a cloud provider, right? You could be in a hybrid cloud world where you have some local backups and some things in the cloud.
Read more about:Business Continuity/Disaster Recovery
About the Author(s)
You May Also Like
3 Real-World Challenges Facing Cybersecurity Organizations
Ultimate Guide to Building a Data Governance Program
Choice Hotels Goes 'Lights Out' with Remote Power Management and Server Access from Raritan
Best Practices for Modern Data Management in Banking: Compliance & Capital Without Compromise
Cyberthreats Racing Ahead of Your Defenses? Secure Networking Can Put a Stop to That