Firewall 8.1: Optimizing Firewall Threat Prevention (EDU-114/214) – Certificate of Completion
The Importance of Securing Your Cloud
Take a minute to think about your own home security system. Do you just lock the doors with the key and head off to work, fully secure that your valuables will still be there when you get back? Not likely. Many of us have at least a simple alarm system in place on doors and windows. More and more people are heading toward the latest trends in home security: motion sensors, 24-hour video cameras, remote door answering, etc.
Why does securing your cloud matter? Three enormous reasons:
- Your cloud provider is only managing part of your security.
- Cloud security lowers the risk of data breaches.
- The minimum level of security compliance should never be enough.
Your security vs. cloud security
Let’s talk about your security against the cloud service provider’s security. The provider has specific language in any contract it signs with you concerning what it is and isn’t responsible for if there is a security breach. In its 2016 “Cloud Adoption & Risk Report,” SkyHigh Networks reported that the average user in an organization employed 36 different cloud services at work. That’s 36 potential security breach points into your cloud and 36 ways for information to leak out. By introducing all of the apps you need to make your business run to your cloud environment, you must take on the responsibility of ensuring that they are only serving their necessary capacity when analyzing and manipulating the data stored in your cloud.
It is integral that you manage all of your cloud-based applications and treat them all as security risks until the day you can scratch them off that list. The old days of hiring a third-party app to plug-and-play into your network are long gone. Your best way forward should be with a Security-as-a-Service (SECaaS) solution. Just like your infrastructure, software and your share of the cloud itself, SECaaS is the scalable solution that can handle your growth but also downgrade in the event your business shrinks. Even an in-person, onsite IT expert is not available 24 hours a day, 7 days a week, but a SECaaS is. The service can deploy solutions instantaneously when problems or suspicious activities arise, unlike in a traditional setting where everyone is waiting around for the IT professional to respond to a call for help.
The high price of data breaches
As for breaches, a 2016 study showed that the estimated cost of a data breach for a company is US $4 million. If your company has an extra $4 million lying around, by all means don’t fret about your cloud security. That figure might seem high at first glance, but there’s far more at work here than merely a loss of data or intellectual property. When you take a public data breach, word travels fast. Your best employees will be more receptive to offers from competitors. Your recruitment will suffer as those entering the workforce and those seeking to switch employers will take a lot harder look at what sort of company gets breached and what kind of company they’re looking to work for. And last but not least is the impact your data breach will have on your company’s public perception. The public has an incredibly long memory when it comes to embarrassing incidents for public companies. Don’t believe it? Fast-food giant Jack in the Box had a scare with mislabeled meat in 1981, and 37 years later, it’s still one of the top Google results for the restaurant chain.
Nobody wants the minimum
You didn’t get into business to do the bare minimum when it comes to protecting your assets and your customers’ information. No salesman has ever told a customer that he’d do the absolute least amount of work he could to get the customer’s business. The same excellence you strive for in taking command of your market and maximizing your profits should be applied to keeping your cloud secure.
To ensure the security of your cloud, consider adding dimensions such as multifactor security, where even if an employee’s login name and password are stolen or compromised, the party that took it still cannot access your cloud without an additional layer of security. Simple steps like this can be the difference between a secure cloud system and one just waiting to be picked apart by hackers.
Marty Puranik, CEO, Atlantic.Net
[ISACA Now Blog]
Inclusion and Diversity: How Do We Lead?
At Palo Alto Networks, we’re committed to creating an environment where all the members of the team feel inspired to do their best work and contribute to the mission of protecting our way of life in the digital age. To do this, our team must better reflect the world we live in and secure with our products and services. For us, this means Palo Alto Networks should lead our industry on inclusion and diversity (I&D). It’s ambitious, but achievable, as we focus on fostering a workplace that welcomes every culture, gender, age, sexual orientation, disability, background and experience.
A key feature of our corporate culture is self-awareness, so let me start by sharing my perspective on how we’re currently doing. The short answer: we must do better as a company.
On our website, you will find numbers and percentages associated with the composition of our team across race and gender, which, as you can see, does not represent the world in which we live. While the data is humbling, sharing it is an important step in the work and commitment required to achieve true inclusion and diversity across our organization.
As a company, we’re experienced at bringing technology leadership to the market: launching, iterating, improving, and repeating those steps until we are the best. We will do that here as well. Research shows conclusively that diverse teams are more creative, innovative, and perform better than teams that are not diverse. Having people from different backgrounds – particularly those who have been historically underrepresented in the tech industry – at the decision-making table will lead us to better business outcomes and result in better products to meet the needs of the broad spectrum of people we serve worldwide. It’s common sense backed by empirical research. More importantly, it’s the right thing to do.
These numbers have prompted me to think a lot about the corporate culture we have cultivated at Palo Alto Networks. While I am proud of our core values of putting our customers first, transparency, and a “no egos” approach, at the end of the day, inclusion and diversity must be part of our company DNA if we are to make meaningful change. We need the entire company to embrace this effort.
Ultimately it all comes down to action. We’ve launched a number of initiatives to build a culture of inclusion at the company, through our own internal programs and by signing on to the CEO Action for Inclusion and Diversity pledge. Here’s a snapshot of where we’ve been focusing:
- Launched our “Power of Inclusion” training program to help employees understand the research on inclusion and diversity, reflect on their experiences, personalize what inclusion and diversity means to them, and identify actions they can take to create a more inclusive workplace. All people managers worldwide will be expected to complete the training by July 31.
- Recognizing that training is not enough, we are also in the process of planning ongoing, systemic efforts to put this training into action with toolkits and resources for employees and managers to help build more inclusive teams and a more inclusive culture.
- Enhanced our hiring practices to better focus on attracting candidates with diverse backgrounds and expertise. For example, we’ve partnered with organizations like Direct Employers and InHerSight to post our jobs on over 150 channels focused on diverse communities. We are ensuring diversity in our interview teams and rolling out a “License to Hire” training program for interviewers to eliminate unconscious bias in our hiring processes.
- Expanded our Employee Networks to foster a greater sense of community across our organization. So far, we have network groups for women, veterans, Black and Latino employees, and early-in-career professionals. Muslim, Asian and LGBTQIA+ networks are in the early stages of forming, and I encourage more to come.
- Established the Mosaic advisory board, a diverse group of women and men from across the organization responsible for providing guidance on companywide I&D investments and championing I&D efforts within their own organizations.
- Deepened our relationships with the National Center for Women & Information Technology (NCWIT), AnitaB.org, Women of the Channel, VetsinTech and National Society for Black Engineers (NSBE). With NCWIT, for example, we are creating training and resource kits for thousands of community college career counselors to encourage female and minority students to consider cybersecurity, and we will launch a new Collegiate Cybersecurity Award to recognize the cybersecurity achievements of college women.
- Through our collaboration with Girl Scouts of the USA (GSUSA), we are introducing cybersecurity education to millions of girls across the United States through compelling programming designed to increase their interest and instill in them a valuable 21st century skillset. This national effort is a huge step toward eliminating traditional barriers to industry access, and will target girls as young as five years old, helping to ensure that even the youngest girls have a foundation primed for future life and career success. The first in a series of 18 Cybersecurity badges will be available to Girl Scouts throughout the United States in September 2018. We’re also partnering with Black Girls Code to develop a cyber camp that will be delivered this August.
There is so much more to do and, in addition to the internal discussions we’ll have as a company, we continue to seek input and advice from outside experts. We are committed to providing you with updates on our progress and look forward to suggestions and feedback.
Mark
[Palo Alto Networks Research Center]
