Data in the Cloud is at Risk

Article by Karan Kirpalani



Data in the Cloud is at Risk - Really?

Forward-looking CIOs can turn cost-intensive risk management strategies into business value and help enhance the organizations competitive edge

The 'Advent of cloud' means different things for different people across the globe. While cloud is today preferred as a mode of IT Infrastructure deployment to lower CAPEX and build business in volatile environments, at the same time, the perceived risk associated with the act cannot be ignored. For a large Bank or a Telecom player, the concern is even greater as the CIO of the enterprise is sifting through evaluation reports to enable business value while trying to mitigate the perceived risks associated.

Note, I kept saying ‘perceived’ risk. This is by design. The fact is, most CIOs and CISOs are still looking at new and disrupting technologies through the same old binocular. Let me articulate my point – it is evident to all that cloud offers inherent benefits to the enterprise such as cost savings, agility, faster time-to-market, improved disaster recovery capability, etc.

So what seems to be the issue?

Well, security – yes, information security – is still the reason CIOs are hesitating to migrate their infrastructure to the cloud platform. In a survey by Information Week last year, surveyed IT leaders said that only less than 10% of their applications will move to public cloud, though the move to private cloud will be more.

To substantiate the argument, I asked two CIOs – both from large private multi-national Banks in the country – about their view of data security in the public cloud platforms. Let's call them CIO A and CIO B

CIO A has been vehemently trying to fight moving mission critical or otherwise critical to business or customers, to the cloud. He believes that security risks associated with the public cloud platform is a damper on what he perceives is the security required for a Bank.

Whereas CIO B has romanced with the cloud for over 4 years now, and strongly believes that data might actually be safer in the cloud. Truth of the matter is that IT leaders have not yet looked beyond the old norms of security while they have been at the forefront in adoption of technologies such as social media, big data mobility, etc.

While probing further, CIO B revealed that while most forward looking organizations have a solid Governance, Risk and Compliance (GRC) strategy in place, they haven’t really taken a re-look at their Information Security and Data Privacy model in the light of new and disruptive technologies – Consumerization of IT, Public and Private Cloud models, Mobility, Social Media in the Enterprise.

When asked for advice to fellow CIOs and CISOs he said that risk-wary CISOs and CIOs have to start re-looking at their Information Security and Data Privacy model to accommodate the new technology that the enterprise adopts due to its inherent business value and for means to stay ahead of competition – well, for most it means higher cost. Again, he says it need not be – it is important that CIOs and CISOs start re-looking at the entire GRC, and look at converting risk management activities to business value and for competitive advantage. At the end of the day, cloud is but a mode of deployment for IT Infrastructure. And today, one can define the same data security / GRC policies over cloud infrastructure, as are possible over physical deployments. Today, a service provider is even more careful in the underlying security concerns over cloud deployments, and hence the robustness of cloud is today a priority not just for the CIO, albeit the service provider as well.

I ask you this question – which of the two CIOs are you? How and what would it take CIO A to succumb to peer pressure and start charting his path as shown by CIO B? I look forward to hearing the user perspectives.