It's easy to get into a panic over security, especially when cyber attacks such as WannaCry dominate the headlines. However, smart CIOs know that security in the cloud requires a real plan.

Larry Bonfante

June 12, 2017

CIOs Need to Get Real About Security in the Cloud

One of the reasons -- or excuses, depending on your point of view -- that some CIOs have been hesitant to migrate some or all of their IT services into the public cloud is the ever-present concern of security threats.

When IT professionals, as well as the public in general, hear about another major hack or virus impacting a brand-name company on an almost weekly basis -- take WannaCry as the latest example -- I can certainly understand the reluctance to entrust a third-party service provider with control of your critical data, potentially putting your brand at risk. (See New Insight on WannaCry's Roots.)

However, let's take a rational and unemotional view of the realities of this situation.

First, any CIO who tells his or her company's board and shareholders that they have mitigated the risk of a security breach is simply lying through their teeth. In a time when we question whether foreign governments are negatively impacting the US presidential elections and when major movie studios are quaking in their boots that their blockbuster films are being made available on the web before they are commercially released, it is simply impossible for anyone with an ounce of integrity to say unequivocally that they can guarantee the safety of their data.

Figure 1: Keep calm and security on. (Source: Oimheidi via Pixabay)

Another reality is that while data breaches can certainly harm any company's brand and market positioning, there are some industries where the impact is greater than others.

Certainly the US Food and Drug Administration and the entire pharmaceutical and life sciences industry, as well as big banks and insurance firms, are wise to take every precaution possible. And of course government agencies and utilities are particularly vulnerable to hacks and attacks.

However, in any industry, we need to look at data security much as we do any issue regarding risk management.

Some of the questions we should ask include: What is the potential risk? What exposures can you mitigate against? What is the cost of safeguarding against those risks, and ultimately, like any other business decision, what is the perceived return on investment of pumping money into this area versus other potential investments that can drive value for the organization?

These are all excellent questions for any business and its IT department. However, the best examples of how these work are found not in the biggest of the big, but in the small firms with limited resources.

There are many small and midsized companies ranging from $250 million to $3 billion in revenue where the reality is that they simply don't have the human capital to address these issues of data, security and cloud migration internally.

I led a team of 35 professionals responsible for major projects, events and facilities. I did not have the luxury of a single, dedicated security employee or chief information security officer (CISO).


For CIOs from midsized companies who use security as an excuse to not migrate services into the cloud, here's a question I'd like to ask: Who do you think is better staffed, prepared and versed in dealing effectively with both proactive security and addressing security breaches? Is it Amazon and Microsoft or your company with your limited human and financial resources?

Security in the cloud is a real issue, make no mistake there.

Still, like any other issue of risk management, or any other business decision for that matter, we need to look at it rationally, dispassionately, and with a business and financial mindset, not with knee-jerk emotional reactions. Take a deep breath, put your best minds on the issue, and come up with a realistic security plan that benefits and protects your business.


— Larry Bonfante is an award-winning CIO and the founder of CIO Bench Coach. You can follow him on Twitter.

About the Author(s)

Larry Bonfante

Larry Bonfante has held executive leadership positions over the past 35 years in the Financial, Pharmaceutical, Not for Profit, Consulting, and Sports and Entertainment industries. He has received numerous industry accolades including being nominated for the CIO Hall of Fame, being named as one of CIO Magazine's CIO 100 and one of Computerworld's Premier 100 IT Leaders. As Chief Information Officer at the United States Tennis Association, Larry's team was responsible for all information technology related services supporting the US Open, the most highly attended annual sporting event in the world. Larry is the founder of CIO Bench Coach, LLC and has served as executive coach and trusted business adviser to executives at some of the largest and most prestigious companies in the world helping them transform their technology function, attract, develop and retain key leaders, turn talented individuals into high performing teams, change their organizational culture, leverage diversity as a strategic asset, and build board and C-Level relationships. He is also the author of the book "Lessons in IT Transformation" published by John Wiley & Sons and writes a leadership blog for CIO Insight. He has served as both President and Chairman of the Fairfield-Westchester chapter of SIM and is a founding member of the CIO Executive Council. Larry has been a guest lecturer for the Masters' Degree programs at Columbia University, NYU, and Polytechnic Institute and is an accomplished public speaker who has delivered keynote presentations at major industry conferences on four continents. 
