Creating a Culture of Security

It’s no longer sufficient to leave security to a team of specialists who watch over the enterprise’s risk posture and control it through a set of constraining policies. It’s not enough to guard the boundaries of the enterprise’s network with firewalls, or to simply implement sets of controls specified in a compliance framework. Security has become everyone’s job, and its management has become a strategic concern of the enterprise.

The way forward is for the enterprise to build a culture of security, an awareness of risks and controls, and a set of norms and practices that align with keeping the enterprise secure.

As soon as an enterprise deploys an IT capability, innumerable attempts will be made to hack it. But the threats to our systems come not only from bad actors.

IT systems can also be defeated by bad data, unexpected surges in usage, untested edge cases involving concurrent operations, cascading failures, and speed issues that multiply geometrically.

In order for our systems to securely perform their jobs, they must also be scalable, resilient, available, well-tested, performant, and tolerant of failures and unexpected inputs.

 Digital
AWS

Share content on email

Share