Several things are on the rise as concerns the Cloud.
Ever more organizations are taking advantage of the Cloud: Its universality; its ready storage potential for shared data (or even static, backed up, data); its grant of access to networks; its dispensation of services, and so on. Rising use by a rising number of organizations and org-types is paired with something else, however…
Also on the rise are attacks on the Cloud, and resultant successful breaches. Darn! Every time I begin to sense a perfect world, something comes along to burst my bubble.
The Cloud is attractive in that it is cost efficient: Storage is inexpensive, easily mounted and maintained, and again – there’s the ready access as enabled by the web. How about Software as a Service (SaaS)? Again, ready access and use. Further, utility and production easily “drop” from the Cloud to any desktop, any device (with proper access and authentication) – and a user is off and running.
But recognize that whether it’s data, apps, tools or services, something very fundamental – perhaps as fundamental as it can possibly get – is shifting. The enterprise, the organization, no longer harbors security. The organization no longer controls security – as in the days of an in-house discreet network, with a room of servers, and a workstation population largely within four walls (whether literally or figuratively) of… the organization’s control.
When things move to the Cloud, recognize that a service provider, a vendor, a solutions partner – whatever you’re using and/or deem to call it – is now running the security show. You must ensure that they have best security practices in place: Constant survey, adjustments, upgrades, risk assessments, notifications – in service to a leading security edge, not a lagging one – a proactive security posture.
You’d better do some due diligence. Why? Who manages security in these circumstances? The answer – the only answer that counts from the enterprise’s perspective is - Someone other than the enterprise. And this leaves you vulnerable: Ensure you get the actual security you need, demand, and pay for in these circumstances.
And yet: Indemnification for breaches and losses is always difficult to negotiate. Cloud services providers (including storage as a service) aren’t exactly in a posture of “Use at your own risk”, but because attacks are always evolving, and breaches can expose providers to catastrophic loss, it’s tough to ascertain just how secure any environment is in the Cloud – and contracts can be difficult to negotiate and discern.
But don’t get lazy and sign off on something you’re not comfortable with. Search and select your partners carefully. Then, survey contracts, guarantees, and remunerations. Don’t rush to the Cloud faster than providers are willing to mount, and stand behind, appropriate security.
NP: Cakewalk Into Town, Taj Mahal, jazz24.org
When examining The Cloud’s potential, we generally look at three basic things:
1) Platform as a Service (PaaS);
2) Infrastructure as a Service (IaaS); and
3) Software as a Service (SaaS)
(Note: for a quick overview, see my earlier post, “Cloud Computing and Security: Forecast Cloudy?”)
But there is another, emerging, potential. IT staff who are associated with specific elements undergoing evaluation for migration could be out of a job. With the potential shift of resources and their management/maintenance burden to The Cloud, now is the time for in-house IT staff to at least begin a reassessment of what was a rock-solid foundation for them. That is: A strong job market; organizations’ requirements for full-time, in-house, highly educated and trained personnel; and a seemingly unlimited horizon to upward progression.
Whatever measure of in-house-based services and assets migrates to The Cloud, there is something IT-related that will never diminish. It will not only remain in place, it is a clear vista to job security: Suitable match of IT resources to business – and optimization of that match. Virtually any business has a business-technology weave; it matters not where that technology is harbored, nor where it is maintained. Business must understand its technical enablements and get maximum business-value from them.
There is never a “perfect” fit of any business system to business: There is constant refinement for present demands, constant evolution to business growth and change; and the requirement to make business professionals – even the most hapless – productive within systems. So, call it what you will: Fit, match, delivery… you must help and support business, enabling it to understand tools, resources, content… and to understand and wield the ways to get maximum business benefit.
Particularly for the younger, more junior, folks, the savvy IT person should ask to sit in on the occasional (pure) business meeting. Befriend a mentor in the senior executive class – confess an interest in some element of “the business” – break the mold and listen on the periphery. Most conference rooms have chairs around the walls – those are for people like you... the network admin/manager, the HelpDesk manager, the HelpDesk staffmember, even the IT Manager/Director. If your organization is large enough to have a CTO, CIO, etc., ask to tag along – listen to the business equation and factor in your own head where services can go in helping the “pure” business concerns. In other words, be imaginative.
Don’t tip into a zone of diminishing returns: In other words, you don’t want to be a nuisance – and you don’t want to cut into time that’s better spent doing your main job. But become a business-technology weave in your value to your organization’s business: become invaluable. My father used to say that the graveyard was full of “indispensable” people – but become so valued that your job is absolutely secured. Intelligent people do that.
Be smart – get ahead of the curve, and ahead of your peers. Now is the time.
You’ll be awfully glad you did.
July 6th: On this day in 1933, the 1st All-Star game was played. The American League won 5-2 (at Chicago’s Comiskey Park).]]>