 

Security Essentials for CIOs

White Paper Published By: IBM
Published:  Jan 25, 2013
Type:  White Paper
Length:  4 pages

Most CIOs are all too familiar with the pros and cons of cloud computing. Because of their flexibility, potential cost savings and ease of use, these remote, professionally managed data centers are spreading fast around the world. Yet many potential customers hold back, maybe with good reason. In a recent Ponemon Institute report, over 60% of surveyed US and European cloud service providers said they were unsure if their cloud applications were sufficiently secured. Additionally, a majority of those cloud providers believed it was their customer’s responsibility to secure the cloud, not theirs. This could lead customers to wonder whether sensitive files might mingle with other companies’ data. They may question how data is backed up, what happens if the cloud experiences an outage, or what happens if the cloud provider goes out of business.

Those questions, while serious, are dwarfed by the key security challenge facing a CIO in the clouds: the rise of empowered non-IT professionals. Cloud computing hands the controls to hundreds or thousands of well-meaning users throughout the enterprise. This means that folks who formerly were only technology consumers are now given permission to build systems—but often without understanding vulnerabilities that can potentially put the entire enterprise at risk. Traditionally, trained professionals—the CIO’s own team—have handled this work. They are schooled in risks and follow best practices for things like systems configuration, software maintenance and access control. In a cloud, though, this inner circle cedes much of its control. The resulting democratization of technology contributes greatly to efficiency and innovation. This newfound power can also cause significant risk, unless and until users truly understand what they’re building and how to maintain it.



Tags: security, cloud, ibm, access management, identity management, governance, risk management, compliance
