10.18.11
Cloud Security
[Cartoon]
IT says cloud security is inadequate. IT recommends caution in the use of cloud services. Caution is a good recommendation, but security is the weakest of reasons to delay a transition.
Cloud services often provide economical solutions to hardware, infrastructure, and business services. For startups and small businesses, cloud solutions may be the only alternative. For established organizations with large IT organizations, cloud solutions may reduce their costs or offer new opportunities.
Large IT organizations view themselves as the owners of any new computer-based technology. They expect their advice to be followed by their management on planning a cloud transition. This requires them to become experts on the subject of the “cloud”. Members of their staff will attend conferences. They will bring in consultants. They will read articles and books. They will learn to speak the language of the cloud computing.
What IT will learn is that their control of technology will be reduced when cloud services are used. This places IT in a competitive role with the providers of cloud services. This competitive role makes it difficult for IT to give cloud services a fair evaluation.
Often IT will point to security as the primary reason to avoid cloud services. They are taking advantage of their senior management’s fear of having their corporate data exposed on the internet. What IT fails to point out is that vulnerabilities in their own operation are exactly the same as in the cloud.
IT can produce a barrage of reasons why their approach to security is better than the cloud. Most of this is “smoke and mirrors”. The actual distinction between cloud providers and IT is who the senior management trusts most. Do they trust their IT professionals more than the professionals that deliver cloud services?
Since trust is often an issue of who you know, IT will usually win the trust comparison. With this win, they may delay an organization from realizing cloud-based opportunities.
The best approach for any organization considering cloud services is to let the Enterprise Architects provide the evaluation. These architects should not be part of IT. They may be an organization separate from IT or independent consultants.
Caution in moving to cloud services is a good approach since cloud computing is new and will go through change during the next few years. Security is important in cloud services as it is in any computing services, but security is not a reason to avoid using cloud services.
Enterprise Architects are well-aware of the continuing evolution of technology. They creatively look for technology convergence that can provide breakthroughs in thinking. We are at one of those convergent junctions today. What is about to happen will give non-professional information technologists control of their use of automation in their business. No longer will they simply peer through windows and see only what applications let them see. They will be able to go inside, see how things work, and control their automation. – Enterprise Architects Masters of the Unseen City
Closing the Business / IT gap.
