CSO: the art of catching the board's ear
- — 18 June, 2012 11:53
The Cloud genie is already out of the bottle
Whether you agree with Google’s answer to security, it is clear that Cloud computing, private and public, is accelerating and because of that CSOs must consider new approaches to security.
“Cloud computing is making clear the need for companies to rethink their approach to security,” says Dimension Data’s Da Silva.
“Performing Cloud computing ‘security readiness’ assessments with different customers, I have noticed a lack of awareness of required security architectures, governance and operational security controls to allow enterprises to leverage Cloud computing.
” The ones that had were mature and “doing the basics right” such as the managing application security,information life-cycle, encryption, incident response, business continuity management / disaster recovery (BCM/ DR), identity access management and governance.
“You are not going to give the keys of your kingdom to someone, before you do, assess your provider’s capabilities”, says Da Silva.
But it may be too late to react since it’s happening already, says Securosis’ Rothman, who expects CSOs to face increasing difficulties managing Cloud computing deployments.
“CSOs’ can try to get ahead of Cloud deployments by having discussions about the potential risks with engineering managers. But in reality, Cloud stuff is already happening within almost all enterprises. So, it’s a matter not so much of putting the genie back in the bottle, [but] rather figuring out what’s already out there and calibrating the risk.”