By Laurence Guihard-Joly
Every company needs electricity, but that doesn’t require building a power plant. Many organizations have reached the same conclusion about computing and storage needs. Why build out data centers if it’s not your core business? Plus it can be a costly proposition.
That’s basically the premise of cloud computing – turn to trusted partners for your computing needs so you can focus on the business. But when deciding on a cloud strategy, organizations should be careful not to simply focus on saving money.
To be sure, moving to the cloud is economical and brings greater efficiencies, but it’s also an opportunity to reexamine everything from finance systems to enterprise resource planning and even the helpdesk. It can be a means of improving business efficiency over every operation that runs on software. Adding redundancy and automating backup are two functions most cloud providers offer, with more or less sophistication. A cloud strategy – public, hybrid, private – is also an excellent place to rethink security and continuity strategy and options across the board.
Companies in highly regulated industries—finance, pharmaceuticals, defense or transportation, to name a few—have unique security and compliance concerns. Government contractors, for example, may be prohibited from sharing data with a foreign enterprise. What happens if a cloud provider uses offshore resources to maintain the infrastructure? How is data protected?
Patricia Titus, CISO of Freddie Mac, has worked in several highly regulated industries. “I’m not afraid of the cloud, but you still have to be careful,” she says. “You don’t take your crown jewels and put them on the public cloud. You have to write a good contract and know the company from a reputation perspective. You have to know the right questions to ask.”
Chris Green, head of business continuity at Qatar Air, has a similar view. “If you have performed a proper risk evaluation as well as a technical evaluation, then you can make an informed decision. In one sense, it’s no different from outsourcing your contact center; you are just outsourcing some of your technology infrastructure. If you’re worried about the security, then you haven’t done your risk assessment properly—or you haven’t made the right risk choice!”
With a device in the pocket of nearly every employee and customer, many of them connecting through the cloud, simply adding layers of security would mean a missed opportunity. The username/password system, for instance, may have worked well enough when data and software resided in a stationary device or a company-owned server. With greater mobility, device certification or user certification may be a better option. Security can also be added with analytics around anomaly detection and correlation—beyond what most smaller enterprises could accomplish on their own.
What is the best way to remove friction while adding security and resiliency? For most organizations, the answer will be in the cloud. In fact, today we announced that IBM is bringing a new set of disaster recovery and security services to SoftLayer. These services let business experience the true promises of the cloud by providing the assurances that no threat, whether it’s a natural disaster or a hacker, will impact business performance, customer loyalty, revenues and the reputation of their brand.
This article was developed in collaboration for Deborah Orr, Forbes Insights.