Cloud computing is no longer an interesting idea or concept to be investigated by most organizations but reality that is now part of their normal business activities. It is well understood through numerous studies and analysis that security is currently the primary roadblock that prevents organizations from widely adopting cloud computing capabilities for their core and critical business activities. This situation creates an interesting scenario that is similar to the theory of the unstoppable object (Cloud Computing) and the Immovable Object (Security) and what happens when they must coexist and thrive. The capability that will ultimately help organizations to solve this challenge is the use of information risk management.
By introducing information risk management into the conversation organizations will have the opportunity make informed, data driven, and rational decisions on how and when to and not to leverage cloud computing capabilities. Too often, security professionals are quick to highlight the deficiencies and challenges associated with the use of cloud computing due to their understanding of threats and vulnerabilities that exist in these environments. At the same time, business leaders and managers are often too quick to rush to the idea of using cloud computing due to the perceived financial benefits, quick access to advanced technology, and operational efficiency gains that are promised. Neither of these groups are incorrect in their point of view or motivation. Unfortunately it is also often the case that neither have a true understanding of real business risks associated with their use of cloud computing capabilities and solutions have never done meaningful analysis taking into account each others perspective.
Information risk management can even the playing field for both groups and allow them to find a common ground. By employing concepts such as threat and vulnerability analysis, business impact analysis, strategy, and financial analysis both parties can come together to appreciate each other’s point of view and develop a use plan for cloud computing that is amenable to both parties. Instead of following an all or nothing approach to the use of cloud computing the most likely outcome for many
organizations will be hybrid approach. In this operating model security requirements can be met by limiting the use and storage of sensitive data assets and applications in cloud environments while still be offering the benefits of their use for other capabilities based on an individual organizations risk appetite.
The information security and risk management track at Cloud Connect 2013 will focus on finding a common ground between cloud and security by bringing together some of the best and brightest industry thought leaders to provide their insights and knowledge on how they are overcoming this challenge. Sessions in the track will focus on effectively identifying and understanding threats and vulnerabilities as well as provide useful and pragmatic insights and concepts on how effectively mitigate the risks they create to be successful in the use of cloud functionality and capabilities.