When designing a scalable modern cybersecurity architecture, what are some key data protection/privacy considerations to account for — especially in a multi-cloud environment?

Security Strategy & RoadmapData Privacy & Protection
2.8k viewscircle icon3 Comments
Sort by:
Director of Information Security in Finance (non-banking)9 months ago

When it comes to big environments, my focus would be on Governance, huge installations, distributes over multiple data centres and more than one cloud provider tend to get lost in complexity.
Get a clear inventory of systems and data, define clear accountabilities and responsibilities and a structure to prove compliance top down.

SVP, Chief Information Security Officer9 months ago

Can you talk a little bit more about what you mean by multi-cloud environment? Multi-SaaS for workforce enablement? Multi-IaaS/PaaS for development and delivery of your own SaaS? Both? Something else?

HEAD IT in Consumer Goods9 months ago

data classification and sesnsibility is the main to look after.

Content you might like

We’re evaluating a new ERP. Our company, PROENERGY is a vertically integrated power partner (gas plant design/build, O&M, manufacturing including our PE6000 turbine, and 2.6 GW ERCOT operations).

Considering: SAP Public Cloud, Oracle Fusion Cloud, Microsoft Dynamics, IFS, and Infor Construction Cloud.

Key needs: manufacturing, complex structure with built-in consolidation/reporting, long-range planning, procurement/inventory, and core accounting.

We use Microsoft Dynamics today for CRM/Field Service. Biggest concerns: implementation partners and support resources.

Would love your thoughts.

When it comes to digital forensics and incident response, are you mostly relying on internal or external resources to conduct forensics?

External54%

Internal45%

Not sure

View Results

What were your org’s biggest motivations for implementing a cloud native application protection platform (CNAPP)? Pick the top 2.

Improve container security1%

Improve app security24%

Improve cloud security posture overall28%

Streamlining security operations15%

DevSecOps integration24%

Compliance needs6%

Reduce complexity1%

Something else

View Results

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?