The First Annual Big Cloud Event took place in Minneapolis, MN in June. Layered Tech was a sponsor of this event, and I delivered a presentation on Big Cloud Adoption. This event was billed as the first annual; the second event is already scheduled for March of 2014 in Las Vegas, NV. Although many cloud-related topics were discussed at the event, many discussions focused on cloud adoption, or the lack thereof, for Fortune 1000 companies.
The cloud has become ubiquitous for most of us. To begin with, if you use a smartphone for anything beyond simple dialing and answering calls, you are almost certainly using the cloud. To the point, cloud adoption by large corporations can be hit or miss. The big question to be answered is “why?”
A couple of years ago, the simple answer to why organizations started using the cloud was cost. Now, more organizations are discovering that the cloud may cost a bit less, but more importantly, using the cloud effectively allows you to spend your computing dollars on resources more efficiently, when and where you need them.
Of course, one of the traditional reasons for not using the cloud has been the fear around security in the cloud. Without question, not every cloud solution is able to offer the security and controls that you need for sensitive or controlled data. That being said, there is no fundamental reason why security and control needs cannot be met in a cloud environment. In order to establish how much one should spend on security controls, your baseline will usually start with what is required for compliance with applicable laws, regulations, standards and policies.
Once your baseline has been determined, focus on the true value of what you have, and what you do. This is not as easy as it sounds for many organizations. The reason to do this is to ensure that you never pay more to control a loss than you would have lost if your resource(s) were comprised or completely lost. That sweet spot is your high-water mark for spending on security and controls. When this component of risk management is viewed as such, you can make better decisions about cloud computing and other areas of investments in your organization.
I will be presenting a session on Business-Critical Security and Compliance in the Cloud at the ACA 74th Annual Convention & Expo on July 15th in San Diego, CA. I hope to see you there.
About the Author
: As Chief Risk Officer at Layered Tech, Jeff Reich (@LayeredTechCRO
, +Jeff Reich
) drives the company’s security and compliance services
and guides risk mitigation efforts for clients. With more than 30 years of experience, Reich is a well-known risk management and security expert in the industry. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow.