Report: Shift to cloud doesn't have to be a CIO's nightmare

What are your company's policies around the cloud? Do you even have any?

New data by IDG Research Services about the shift to cloud computing in the enterprise revealed that only 34 percent of the organizations surveyed have a governance policy for cloud-based information. Many of those say they're not confident about managing their information in the public cloud and more than half believe their companies need to spend more time coming up with a strategy around information management and governance.

So does that mean that they're shying away from the cloud? Not really. The report from the Leadership Council for Information Advantage - released today by EMC - found that enterprises, by an overwhelming majority, are eyeing the private cloud and are leaning toward hybrid models between public and private to ensure they maintain control over critical data. From the report:

As CIOs evaluate their companies' cloud strategies, they will need to come to grips with how data governance policies and indeed, the very mindset of IT itself need to evolve to support diverse models for cloud computing. The information management infrastructure of the future will extend from the enterprise and private cloud deployments inadequate or lagging policies for managing the data stores in these different environments will dramatically increase the risks that IT organizations will lose control of the information they are expected to protect.

So what is a CIO to do? The report suggests that CIOs need to address three key information governance challenges to make cloud computing more attractive:

• Develop governance policies that address the mix of on-premise and off-premise data moving across the network. Employees are already using the cloud whether they have IT approval or not. (Think Facebook, Google Docs and Dropbox.) Define information management guidelines now to deal with this mix of on-premise and off-premise data. Waiting to do this will only increase the risks.
• Do a thorough audit of enterprise apps to figure out which ones go into the private cloud, which go into the public cloud and which ones can be retired. (Yes, this can be a good time to reevaluate those legacy apps.) Ask yourself: Which information is mission critical, highly confidential or is affected by regulation?
• Rethink management of the data. As you shift to the cloud, your job becomes watchdog of the service provider, managing it as a vendor. Does the cloud service providers governance and enforcement policies match your organization's policies about information security, data protection and legal issues. Keep tabs on your service-level agreements and update them as the technology - as well as your own needs - evolve.

Sanjay Mirchandani, EMC's CIO, sums it up nicely in a quote found in the report:

Cloud computing offers tremendous scale, mobility and agility. However, if information, governance and compliance policies do not evolve in the cloud, it can create complexity in your IT environment. IT professionals need to spend time defining these policies, so there are rules for capabilities, such as information mobility, to satisfy business demands and governance obligations.