I’m often asked whether this year will finally be the tipping point when more and more CIOs begin to understand the importance of transitioning their IT environments onto flexible, more cost effective cloud-based services. Perhaps it may be for some, but it seems that for most organisations, there will always be question marks over security.
Meanwhile, the fact remains that cloud suppliers have typically invested and hardened their infrastructures to a greater extent than businesses have done for themselves. Having said that, there's also the ongoing and persistent threat of attack from hackers and cyber criminals, which makes it important that businesses are able to assess the level of risk against the implications and costs of a breach in their security defence.
I always say: Security costs, but security breaches cost more!
What this really means is that CIOs have to really think about their IT policies; are they adequate? Have they covered off anypotential impact to their services and customers? Are they likely to face litigation and/or scrutiny in the press if they suffer a security breach? It is important that these policies are then factored into the service provided by the cloud supplier and then tested.
So how does all this affect CIOs in small and medium enterprises? It's clear that they need to review both the security offering and capability of the cloud based service they want to buy for their business. The likelihood is that SMEs will want to be focusing most of their investment on their own service delivery rather than adding potentially significant security costs whereas cloud service providers will have made appropriate investment in securing the IT - after all, it’s their business.
On the other hand, large enterprises have to consider their appetite for risk and given their size and complexity decide on how best to deploy their security policies. Whilst CIOs in larger enterprises may have the money to invest in retaining security in its entirety, the question still needs to be asked whether the cloud service provider can mitigate the risks to the same level more cost efficiently.
Additionally, there are a number of issues surrounding the protection of data for CIOs to consider. Dependant on the nature of thebusiness, the type and sensitivity of the data will dictate the relevant regulation and protection that needs to be applied to the management of it. In addition, areas such as storage, accessibility, security, retention and disposal have to be considered too. It is important to note that the penalties can be extremely harsh for the misuse of data.
So what does all this mean? Clearly, uptake of cloud services is increasing, but it seems that organisations of all shapes and sizes are going to have to balance their security fears against the value that these solutions will provide before we see any widespread adoption.
by Pat Phillips, practice director at Xceed