A new article in InformationWeek, “Governance Meets Cloud: Top Misconceptions,” revealed one of the biggest misconceptions that organizations have about cloud — although they can outsource IT functions, they can’t outsource the governance.
The article says, “Within the structure of traditional IT, companies could skirt some of the real governance challenges by clamping down on certain deployment scenarios and keeping anything questionable within the four walls and security controls of internal IT. That’s not so easy with a true cloud environment, which mixes it up between private and public clouds, ultimately with applications running between the two, depending on demand and use case.”
According to InformationWeek, businesses should take the following cloud governance points into consideration:
- Many cloud providers will take responsibility for securing their services and data centres, but they won’t take responsibility for anything beyond what’s outlined in their contracts.
- Things in the cloud move too quickly to rely on human approvals or provisioning. Automation is needed to “ensure [that] the right security levels and access policies are applied, that workloads are dispatched to the proper environments or that data isn’t moved to a jurisdiction that it shouldn’t be, based on global regulatory standards.”
- It’s important to gain a consistent view of access rights and policies across both internal and external systems. You can do this by leveraging internal IT policies and directory services.
The article provides additional considerations, along with details on the InformationWeek 2012 Compliance Survey.