Questions CIOs Often Ask On Cloud Security

191 views Reading Time: 3 minutes

A discussion with IT leaders and managers on cloud security is always an interesting one. While I’ve had the pleasure of having multiple such discussions over the last 2-3 years, the roundtable I chaired during the recent NASSCOM India Leadership Forum 2013 was a league in its own. With a mix of CIOs and CISOs of global organizations, the discussion was around topics like adoption of cloud computing, workload management, making the choice between public and private cloud, cloud security standards among many others. What truly stood out of this discussion was the deep-rooted understanding by CIOs on the increasing relevance of Cloud for their orgs and their commitment to use cloud-delivery for increasing number of workloads.

Below is a list of questions that often feature during such conversations.

  • Are my peers in other organizations adopting, planning or exploring Cloud delivered services?
  • Is my on-premise infrastructure more secure than cloud?
  • How different is Cloud security to the previous on-premise and hosted scenarios?
  • Is Private cloud more secure than Public cloud?
  • How should I assess my cloud provider?
  • How can I better manage data privacy for cloud delivered workloads?
  • What industry certifications should I look out for?
  • What are the key compliance requirements I need to adhere when using cloud for my org?
  • Are there any industry bodies certifying cloud providers?
  • Do I need to re-skill my team to better manage cloud providers and security?
  • My peers tell me Cloud is both a legal and contractual nightmare. How true is this?

Point of View

Cloud computing as a new service provisioning mechanism is graduating to become a mainstay option for organizations. Despite the skepticism and varied maturity, CIOs are exploring, pilot testing or using in production Cloud offerings in some form or shape. Earlier touted to be only popular with startups and small and medium businesses, cloud offerings now meet the criteria of enterprise IT and are supported by all key IT vendors. However, a large chunk of IT decision makers continue to approach cloud computing as a short cut to lower IT costs and not link IT and business priorities that ultimately define the success of an orgs’ cloud strategy. While a focus on cost savings and operational efficiencies from Cloud offerings is justified, business leaders want quicker time-to-market and higher agility. To ensure success of the cloud strategy, it’s critical for IT leaders to bridge this disconnect.

More specifically on security, it’s important IT leaders don’t rubbish cloud services only based on perceptions and spend time understanding security measures implemented by cloud providers. Cloud offers multiple benefits through automation (higher efficiency) and shared resources (economies of scale) and cloud providers like Google, and others are investing heavily in people and assets to better manage security. Contrary to the popular belief, moving to cloud can actually reduce security related concerns for an organization.

What are your thoughts on this topic? As an IT leader, do you ask similar (if not the same) questions listed above or do you have any additional areas of concern? 

SVG 200x200About The Author: Sanchit Vir Gogia is the Chief Analyst & CEO of Greyhound Research, an independent IT & Telecom Research & Advisory firm. He also serves as Founder & CEO of Greyhound Knowledge Group that operates under four brands – Greyhound Research, Greyhound Sculpt, Greyhound Technocrat and Greyhound Vivo. To read more about him, click here.

Leave a Reply