Intelligent CISO Issue 55 | Page 45

Governmental institutions are expected to set the standard and demonstrate what is expected for data privacy and protection . environments or , they opt to trust the cloud provider ’ s in-built security policies . For instance , AD / LDAP integration , role-based access controls ( RBACs ) and traditional database encryption for data at rest are not always sufficient to mitigate risk .
industry unlocked analysing data shouldn ’ t be discouraged so long as it can be achieved securely .
Data breaches and cyberattacks are unfortunate and when such incidences occur , they delay the long-term growth of Digital Transformation projects , like cloud-based data analytics , due to the raised security and compliance issues .
Moreover , if a government organisation has cloud migration plans , the challenges of analytics and security are raised , particularly if these projects begin without data audits and classification processes .
This presents its own obstacles with the possibility of security coverage gaps appearing .
Plus , if those managing the project are likely to conduct everything in-house there may be a lack of resources or expertise to rely on . If security teams are involved from the outset , there is always the chance that outdated or traditional security controls are applied to cloud

Governmental institutions are expected to set the standard and demonstrate what is expected for data privacy and protection . environments or , they opt to trust the cloud provider ’ s in-built security policies . For instance , AD / LDAP integration , role-based access controls ( RBACs ) and traditional database encryption for data at rest are not always sufficient to mitigate risk .

Compliance teams might exacerbate these problems by mandating project owners mask their data or not use sensitive data at all . That might make it easier to achieve compliance but will deprive the organisation of the invaluable insights which analytics could deliver .
Such approaches are not conducive to any business , nor do help with future-proofing as they hinder or limit the scope and outcome of the project . Furthermore , many view security and compliance as checkbox exercises with a reliance on legacy solutions – both will www . intelligentciso . com
45