Depending on who you talk to, the cloud is either (A) the future of business (and personal) computing, (B) a ruse by providers to get everybody stuck paying ever-increasing rates, (C) an epidemic of security breaches waiting to happen, or (D) an overhyped development that will lead to some interesting technological advancements but won’t ultimately be all that earthshattering. So what is a business leader to do when faced with the decision of whether to move to the cloud? Naturally, it falls to the CIO to somehow square the circle and make a wholescale move to the cloud while guaranteeing lower costs, perfect security, and unlimited accessibility. Before your business takes on this endeavor, though, there are a few things about the cloud your CIO would probably like to clear up.
Cloud security isn’t an issue for the reasons you probably think.
It seems like every day there’s a story in the news about some kind of data hack: Target and other retailers; the Heartbleed Bug; Jennifer Lawrence. The catch-22 is that businesses feel they need to move to the cloud to remain competitive but by doing so they’re opening themselves up to myriad security risks. Here’s the thing to keep in mind: the Target and Heartbleed issues weren’t really about the cloud per se—they were about the internet in general. Any data that is accessible online is potentially susceptible to hacking. Not many businesses can operate completely offline. The celebrities having their iCloud photos stolen likewise had nothing to do with any vulnerability inherent to the cloud. Instead, it was a matter of hackers figuring out passwords and the answers to security questions. (Though Apple really was remiss in not setting limits to password attempts—a common industry practice that would have made the theft impossible.)
With on-site servers, you have to worry about fires, floods, earthquakes, power outages, etc. With cloud services, it’s blind subpoenas—which even in the extremely unlikely event that they’re issued won’t necessarily spell disaster for your business. The only other thing that might make cloud datacenters more risky is that they house information from many businesses, much like a bank has many people’s money, which makes them a more attractive target. But, also like a bank, cloud providers have a lot more resources to devote to security. There are, however, many aspects of security that you can take responsibility for yourself—like setting multifactor authentication standards for passwords, and creating BYOD policies.
The cloud isn’t an end in itself. It’s a set of tools to help you achieve your goals.
The cloud offers some pretty amazing capabilities, and it opens the way for countless untold advances in the future. But, before moving into the cloud, you should have a well worked-out idea of what you hope to achieve by doing so. Are you looking for more flexible mobile access? Do you need your server capacity to be highly scalable? Or are you looking for more seamless integration between your various software services? To know if the cloud is right for you, and to be able to tell if the cloud is working for you, you need to first have some goals in place.
In a lot of circumstances, the cloud can save you money. In some, it may be more secure. Like any other business decision, though, the choice of whether to move to the cloud starts with understanding where you are now and having a good idea where you want to go. This is important to point out because there’s a perception out there that everyone should flip the magical switch that moves everything to the cloud all at once, making it all cheaper and more efficient, and opening the way to all kinds of new developments over the horizon.
The bottom line is your move to the cloud should begin with a lot of planning. You need to know not just what milestones you hope to reach but what steps you’ll take to get there from where you are today. The CIO’s job is to help you work out this strategy and then to see that it gets successfully implemented. But someone also needs to make a point of focusing on the business side of the equation, asking questions like how will this change impact our organization day-to-day, how much down time should we anticipate, and how does this move position us with regard to future transitions and upgrades? Knowing what the cloud can and can’t do, and separating the real from the imagined risks, is a good first step.