& cplSiteName &

CIOs Need to Get Real About Security in the Cloud

Larry Bonfante
News Analysis
Larry Bonfante

One of the reasons -- or excuses, depending on your point of view -- that some CIOs have been hesitant to migrate some or all of their IT services into the public cloud is the ever-present concern of security threats.

When IT professionals, as well as the public in general, hear another major hack or virus impacting a brand-name company on an almost weekly basis -- take WannaCry as the latest example -- I can certainly understand the reluctance to entrust a third-party service provider with control of your critical data, potentially putting your brand at risk. (See New Insight on WannaCry's Roots.)

However, let's take a rational and unemotional view of the realities of this situation.

First, any CIO who tells his or her company's board and shareholders that they have mitigated the risk of a security breach is simply lying through their teeth. In a time when we question whether foreign governments are negatively impacting the US presidential elections and when major movie studios are quaking in their boots that their blockbuster films are being made available on the web before they are commercially released, it is simply impossible for anyone with an ounce of integrity to say unequivocally that they can guarantee the safety of their data.

Keep calm and security on.  (Source: Oimheidi via Pixabay)
Keep calm and security on.
(Source: Oimheidi via Pixabay)

Another reality is that while data breaches can certainly harm any company's brand and market positioning, there are some industries where the impact is greater than others.

Certainly the US Food and Drug Administration and the entire pharmaceutical and life sciences industry, as well as big banks and insurance firms, are wise to take every precaution possible. And of course government agencies and utilities are in a particularly vulnerable position to hacks and attacks.

However, in any industry, we need to look at data security much as we do any issue regarding risk management.

Some of the questions we should ask include: What is the potential risk? What exposures can you mitigate against? What is the cost of safeguarding against those risks, and ultimately, like any other business decision, what is the perceived return on investment on pumping money in this area versus other potential investments that can drive value for the organization?

These are all excellent questions for any business and its IT department. However, the best example of how these work are found not in the biggest of the big, but in the small firms with limited resources.

There are many small and midsized companies ranging from $250 million to $3 billion in revenue where the reality is that they simply don't have the human capital to address these issues of data, security and cloud migration internally.

I led a team of 35 professionals responsible for major projects, events and facilities. I did not have the luxury of a single, dedicated security employee or chief information security officer (CISO).

M&A activity is turning the cloud upside down. Find out what you need to know in our special report: Mergers, Acquisitions & IPOs Are Rocking the Cloud.

For CIOs from midsized companies who use security as an excuse to not migrate services into the cloud, here's a question I'd like to ask: Who do you think is better staffed, prepared and versed in dealing effectively with bot proactive security and addressing security breaches? Is it Amazon and Microsoft or your company with your limited human and financial resources?

Security in the cloud is a real issue, make no mistake there.

Still, like any other issue of risk management, or any other business decision for that matter, we need to look at it rationally, dispassionately, and with a business and financial mind set not with knee-jerk emotional reactions. Take a deep breath, put your best minds on the issue, and come up with a realistic security plan that benefits and protects your business.

Related posts:

— Larry Bonfante is an award winning CIO and the founder of CIO Bench Coach. You can follow him on Twitter.

(1)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Educational Resources
sponsor supplied content
Educational Resources Archive
Featured Video
From The Founder
Light Reading founder Steve Saunders talks with VMware's Shekar Ayyar, who explains why cloud architectures are becoming more distributed, what that means for workloads, and why telcos can still be significant cloud services players.
Flash Poll
Upcoming Live Events
May 14-16, 2018, Austin Convention Center
May 14, 2018, Brazos Hall, Austin, Texas
September 24-26, 2018, Westin Westminster, Denver
October 9, 2018, The Westin Times Square, New York
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 7-8, 2018, London, United Kingdom
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
All Upcoming Live Events
Hot Topics
I'm Back for the Future of Communications
Phil Harvey, US News Editor, 4/20/2018
Verizon: Lack of Interoperability, Consistency Slows Automation
Carol Wilson, Editor-at-large, 4/18/2018
AT&T Exec Dishes That He's Not So Hot on Rival-Partner Comcast
Mari Silbey, Senior Editor, Cable/Video, 4/19/2018
Facebook Hearings Were the TIP of the Data Iceberg
Dan Jones, Mobile Editor, 4/20/2018
Pay-for-Play Is a Sticking Point in Congress
Mari Silbey, Senior Editor, Cable/Video, 4/18/2018
Live Digital Audio

A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

Like Us on Facebook
Twitter Feed