Cloud fear and the wall

My 451 Group colleague, Josh Corman, was telling me all about a small report he had recently written.  The report, Cloud fear is a speed bump; compliance and audit are the wall (available to 451 subscribers) discussed both the fear, uncertainty and doubt (FUD) that is a common discussion point when representatives of larger organizations explain why they're uncomfortable deploying critical applications in cloud environments.

While the conversation may start based upon the fear some feel, those saying that the fear is unfounded are missing that point that audits and complying with regulations have to be part of the planning for public organizations or organizations in regulated industries. So, fears about successfully surviving an audit or proving that the company complies with regulations are based upon very real concerns.

Josh made a couple of suggestions in his report that I thought were very pragmatic and reasonable.

Fear is seldom the answer. The cost savings and convenience of cloud offerings are simply too compelling for businesses to ignore. My guidance to terrified security professionals has been (and continues to be) as follows:

• Do not resist cloud adoption. Lead it. Steer it.
• Cut your teeth on low-risk, non-regulated use cases where failures and a learning curve are acceptable.
• Lessons learned through these pilots will both challenge the cloud providers to evolve and help businesses to understand the extent of their abilities and their sphere of control.