Cloud is a journey every enterprise is undertaking for various reasons, and the current crisis has accelerated it. The new normal has tremendously increased remote working, which means a potential increase in threat vectors and attack surfaces. This puts business resilience at the forefront.
Common concerns and challenges that enterprises face on their cloud journey include misconfigurations, risky changes, vulnerabilities due to patching, regulatory/compliance non-adherence, DevSecOps to Zero Trust, and so on. The market offers solutions that address one or a couple of these areas and fall into the categories of Cloud Security Posture Management and Cloud Workload Protection Platform. However, these fall short of the need.
The need for a holistic risk management solution
The industry today needs a single-pane-of-glass solution that delivers a holistic view of risk and threats and, at the same time, provides an automated view of compliance adherence for cloud-based business applications.
There is also a pressing need for a uniform methodology and framework that helps assess hundreds of business applications hosted in the data center for their fitment to migrate to cloud, based on various security, compliance and regulatory scenarios.
Think of a solution or framework that automatically recommends the security controls needed to protect the business applications identified for cloud migration, and that lets you perform a gap assessment against those controls to ensure there is a sufficient plan in place to protect the applications once they migrate to cloud. How about the ability to store the evidence for all those controls, which can then be referred to in future when you appear for internal and external audits?
A structured approach to cloud application risk management
We realized this need while working with multiple customers and built a solution called Cloud Application Risk Governance (CARG), a framework that addresses a customer’s needs from pre-migration through to continuous controls and threat monitoring of business applications once they are in the cloud. Figure 1 shows the various building blocks of CARG.
Figure 1: Building blocks of Cloud Application Risk Governance
Secure and resilient business on cloud
An enterprise should look for and adopt a framework that helps its cloud journey before, during and after cloud migration. It should look for capabilities that help identify the right business applications that are candidates for cloud from a security perspective, and that provide the required assurance of how those applications will be protected in cloud. Most importantly, once business applications are migrated to cloud, the framework should provide automated threat identification, risk reporting and visibility into various compliance and regulatory requirements through a single pane of glass.
Our robust CARG framework will help you achieve the goal of being compliant in the cloud for the current and the future state. Reach out to us at cybersecurity.services@wipro.com or bhaveshkumar.bhatt1@wipro.com to take this conversation forward.
Siva VRS
Global Practice Head for Cloud Security, Digital Security Practices and Head of Partner Ecosystem at Wipro's Cybersecurity and Risk Services
Siva is a Global Practice Head for Cloud Security, Digital Security Practices and Head of Partner Ecosystem at Wipro's Cybersecurity and Risk Services. He has 20+ years of experience across geographies – Americas & APAC – providing strategy, solutions, consulting, partnerships and driving growth across industries. He can be reached at siva.vrs@wipro.com.
Bhaveshkumar Bhatt
Cloud Security Practice Head at Wipro's Cybersecurity and Risk Services
Bhavesh is a Cloud Security Practice Head at Wipro's Cybersecurity and Risk Services. He is a cybersecurity professional with 19+ years of experience in security covering business strategy design, solutions and services development, and program and delivery management across industry verticals. He can be reached at bhaveshkumar.bhatt1@wipro.com.