The cloud has changed how we use and consume IT services. Where data resides along with how it is transferred, stored and processed has fundamentally changed and with-it new risk management challenges.

Let’s talk about some of those challenges. First and foremost, the cat is out of the bag. We’re not going back to the data center, and any resistance to that is going to be seen as a business inhibitor and will therefore not get much airtime.

Second, I think that the cloud has been adopted typically in silos because every employee has a credit card. That’s a big problem because it doesn’t allow the enterprise to have oversight across the board on how data is being processed and stored.

I also think that the cloud is pretty ambiguous as a term. Not all cloud service providers are created equal. AWS, Azure and GCP are pretty rock-solid, but 80% of the Cloud we consume is not with them but with the Ma and Pa SaaS companies around the world. Of course, those SaaS are living off of AWS for the most part, but do you know with whom you keep your contract? Not with AWS but rather with the SaaS provider, and they habitually are terrible at security.

Lastly, security is fundamentally different in a software-defined world. For the cloud, this is a world of shared responsibility where half of the responsibility for security is ours and the other half is the service providers. All of this gets very murky, and unfortunately, a lot of early adopters of the cloud believe that the cloud service provider has almost all the responsibility. That’s just not true.

The Strategy

Now let’s switch tracks and talk a little bit about strategy.

Understanding what cloud services have been adopted by your organization, authorized (Read more...)