Effective resilience requires more than just security tools


Ever-improving security tools have become critical to ensuring business resilience, but a technical expert has warned that many companies are actually compromising business resilience and data security by failing to build a holistic risk management framework that spans technical, supply chain, employee education, and other areas.




Alarmingly, 33% of chief information security officers (CISOs) said that their security teams spend more time managing multiple tools than performing real investigations[1]. A robust resilience framework, Lumen Technologies senior director for enterprise business John Hines explained, requires a unified security and continuity framework that incorporates robust backup and recovery mechanisms, identity and access management, and governance and compliance frameworks.

“Resilience needs to be a holistic, integrated approach that embeds security and continuity planning into every layer of the organisation,” he said, “with a comprehensive business continuity and disaster recovery plan tailored to your cloud environments – with a clear recovery objective and procedures around that.”

To ensure visibility of infrastructure and the threats that target it, Hines said, companies need to leverage automated asset discovery tools to visualise the interdependencies between increasingly interconnected cloud applications.

That includes identifying and testing potential points of failure – using automated testing and integrated DevSecOps approaches to iteratively manage exposure – long before they bring down your business or that of your key partners.

Yet improving cloud security isn’t only about technological solutions: to get resilient and stay that way, Hines warns that businesses need to run regular vulnerability assessments and continuously train and re-train employees – not only about good security habits, but about their role in supporting resilience planning.

The key, Hines said, is to take a proactive approach to resilience within the company and across the supply chain – and to bring in the expertise of trusted partners that can guide the establishment of the governance, risk, and compliance (GRC) management strategies that ensure security architectures deliver the resilience that modern businesses require.

“Resilience is not just a one-time project,” Hines said. “The threat landscape is constantly evolving, so it’s a continuous journey of learning, adapting, and improving.”

[1] IDC Analyst Brief, Beyond Defense: Unifying Connectivity and Security for Proactive Cyber-Resilience, sponsored by Lumen, AP72372X, Feb 2025


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.