When designing a scalable modern cybersecurity architecture, what are some key data protection/privacy considerations to account for — especially in a multi-cloud environment?

Security Strategy & RoadmapData Privacy & Protection
2.8k viewscircle icon3 Comments
Sort by:
Director of Information Security in Finance (non-banking)9 months ago

When it comes to big environments, my focus would be on Governance, huge installations, distributes over multiple data centres and more than one cloud provider tend to get lost in complexity.
Get a clear inventory of systems and data, define clear accountabilities and responsibilities and a structure to prove compliance top down.

SVP, Chief Information Security Officer9 months ago

Can you talk a little bit more about what you mean by multi-cloud environment? Multi-SaaS for workforce enablement? Multi-IaaS/PaaS for development and delivery of your own SaaS? Both? Something else?

HEAD IT in Consumer Goods9 months ago

data classification and sesnsibility is the main to look after.

Content you might like

We’re evaluating a new ERP. Our company, PROENERGY is a vertically integrated power partner (gas plant design/build, O&M, manufacturing including our PE6000 turbine, and 2.6 GW ERCOT operations).

Considering: SAP Public Cloud, Oracle Fusion Cloud, Microsoft Dynamics, IFS, and Infor Construction Cloud.

Key needs: manufacturing, complex structure with built-in consolidation/reporting, long-range planning, procurement/inventory, and core accounting.

We use Microsoft Dynamics today for CRM/Field Service. Biggest concerns: implementation partners and support resources.

Would love your thoughts.

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

A CISO would be most effective if they reported directly into...?

Board9%

CEO42%

CIO39%

CTO6%

What CISO?1%

View Results

Is your organization developing a CBOM (cryptographic bill of materials), or planning to?

Yes - currently developing CBOM19%

We plan to do this in the next 1-2 years62%

No plans to develop CBOM19%

Something else/don’t know

View Results