Optus | Commentary on governance, policy and procedure - Rackspace Technology
- Written by Angeline Maronese Managing Director ANZ Rackspace Technology
“This incident is all about governance, policy and procedure. You can have the best security solutions in place, but you are vulnerable to breaches without the right policies and procedures overlaid with effective governance.
“It is critical for organisations to take governance, policy and procedure as seriously as the architecture of the solutions, and implement secondary oversight and regular reviews of these policies and procedures so that a fundamental error like the one that occurred does not turn into a massive breach.
“Being on the front foot means adopting a Zero Trust mindset where every access request is digitally interrogated, even if users are already inside the network. A large part of this strategy means implementing control over applications so that employees can only access the tools and data they need – and nothing more than that.
“A healthy rhythm of governance, policy and procedures may seem boring and tiresome to team members, but it’s important to remember that all good work can be undone in a matter of seconds with poor management of the processes that govern security policies. With a growing hybrid workforce and continued migration to the cloud, adopting a Zero Trust approach is critical. If implemented correctly, not only will this approach result in a more secure architecture but reduce overall security complexity.”
