Marcia Kaufman, COO and Partner at Hurwitz & Associates, has joined my blog as a collaborator. Marcia has great insights into compliance, governance, and security in the cloud.
Are you bypassing CIO policies to access cloud services?
I recently spoke with a CIO of a large and highly regulated organization about his company’s experiences with cloud computing. Security and compliance issues are top priorities for this CIO, causing the company’s leadership to move with caution into the cloud. He expects that all cloud implementations throughout the enterprise, from Software as a Service (SaaS) to Infrastructure as a Service (IaaS) and Platform as a Service (PaaS), will receive prior approval from his office. This CIO is implementing the same approach to security and compliance that he has taken with every project undertaken within the company. In other words, security must be implemented following a centralized approach in order to ensure that information governance policies are upheld. The company’s cloud experiences so far have included the on-demand purchase of extra compute power and storage for development and test on two small projects, as well as use of Salesforce.com in several business unit sales teams. Overall, he feels confident about the level of control he has when it comes to managing cloud security issues and understanding the potential impact of the evolving cost and economic models of cloud computing.