Recall these 2 famous quotes:
“The horse is here to stay but the automobile is only a novelty – a fad.” Michigan Savings Bank president advising Henry Ford’s lawyer, Horace Rackham, not to invest in Ford Motor Company (1903).
“There is no reason anyone would want a computer in their home.” Ken Olson, president, chairman and founder of Digital Equipment Corp (DEC), the maker of big business computers, arguing against the PC (1977).
These are but a few examples of when experts have dismissed technologies that now are integral parts of our daily lives, and as some would say, make up the very fabric of our existence.
Without much of an argument, cloud computing can be listed as one of those potent technologies that are now a mainstay and have forever changed our lives.
Here are some notable quotes, both positive and negative, on cloud computing (and software as a service, SaaS, solutions) in recent years:
- Tom Siebel, founder of Siebel CRM Systems in 2001, on Salesforce:
“There’s no way that company exists in a year.” - Larry Ellison of Oracle in 2008:
“The computer industry is the only industry that is more fashion-driven than women’s fashion. Maybe I’m an idiot, but I have no idea what anyone is talking about. What is it? It’s complete gibberish. It’s insane. When is this idiocy going to stop? We’ll make cloud-computing announcements. I’m not going to fight this thing. But I don’t understand what we would do differently in the light of cloud.” - Vivek Kundra, Federal CIO, US Government, on a simple definition of Cloud Computing in 2010:
“There was a time when every household, town, farm or village had its own water well. Today, shared public utilities give us access to clean water by simply turning on the tap; cloud computing works in a similar fashion. Just like water from the tap in your kitchen, cloud-computing services can be turned on or off quickly as needed. Like at the water company, there is a team of dedicated professionals making sure the service provided is safe, secure and available on a 24/7 basis. When the tap isn’t on, not only are you saving water, but you aren’t paying for resources you don’t currently need.”
As a CISO or an executive in a role with information security oversight, you will, if you haven’t already, be tasked to move parts of your business (and sensitive data) onto the cloud.
There are many reasons to move to the cloud. And though you may not have much choice in any event — you’ve done your research, the RFIs, the RFPs, and the POCs — you are left with the following concerns that make you wonder if you actually could, should and would avoid the cloud:
- Will my data will be kept overseas?
- Can I validate that there are data segmentation and separation capabilities between clients?
- Will my data be encrypted at rest?
- Are penetration tests are not performed on a regular basis – automated or otherwise?
- Is two-factor authentication is not required to access the production environment?
- Which personnel from the cloud provider have access to my data?
- Are the suppliers of the critical hardware, network services and facility involved in annual continuity and recovery tests?
- Is there a contractual penalty or remediation clause for breach of availability and a guaranteed SLA included?
- How easily can I switch providers?
- Do they provide the kind of technical support I am looking for?
- Will I really save money going to the cloud?
As well, you could be faced with regulatory issues, data leakage, unacceptable downtime, and more. What is paramount is that you thoroughly know your assets, where they are and who has access to them so that you can ensure the proper protections are in force both by the provider and in your organizations. Defense in depth.
Above all, you must be able to monitor that protections the cloud provider implements to track trends, sniff any changes, and sound the alarm at the right times.
So it may be inevitable but are you really ready to move to the cloud?