This content is part of the Essential Guide: The CIO cloud blueprint: A strategic planning guide
Get started Bring yourself up to speed with our introductory content.

2014 cloud strategies include renewed security focus, business motivations

2014 is predicted to be the year cloud really goes mainstream. As it does, CIOs will look at security and how services are provisioned in new ways.

In the first part of this two-part story, CIOs and cloud experts noted that 2014 will be the year when cloud comes into its own. Real planning, with an eye toward end-to-end solutions will take the place of piecemeal use of cloud solutions and services, they said. The second part of this story looks at the maturation of Infrastructure as a Service, a new security focus spurred by revelations of NSA practices, the renewed importance of IT service catalogs and why cost is no longer the biggest driver behind cloud adoption.

James StatenJames Staten,
analyst, Forrester
Research Inc.

One aspect that will make the transition to cloud go more smoothly, said Ed Anderson, analyst at Stamford, Conn.-based Gartner Inc., is the maturity of Infrastructure as a Service (IaaS). He predicts that 2014 will see IaaS move from handling the low-risk workloads like testing and development to the mainstream.

"People are starting to say, 'Let's retire some of our data center servers and replace those with IaaS,'" Anderson said. "And likewise let's move some of our lower-risk workloads like content management or email out to the cloud data center and stop managing all the infrastructure on our own."

The CIO perspective on cloud security is also undergoing a change because of continuing revelations about the U.S. National Security Agency's (NSA) collection of information on citizens and businesses, including major technology providers. CIOs and IT leaders have recently begun looking for ways to encrypt data before it gets to a cloud service, said James Staten, an analyst at Forrester Research Inc. In doing so, they're creating a new trend in cloud strategies going into 2014 -- bring your own encryption.

Concerned about government access to data, companies increasingly believe the only way to truly control their data is by controlling the actual encryption keys, said Staten. To be successful, companies need to understand precisely what data is considered high risk. And the guidance of an experienced encryption technology vendor is crucial, he added, so organizations don't wind up locked out of their own information.

"[Encryption] key management is not a core competency for all companies, and they're going to quickly learn the best way to do it is in pockets where you really need it," Staten said.

I wouldn't be surprised if folks were looking at the cloud space now and saying that saving some money is nice, but having the flexibility to do things so quickly is what's really important.

Larry Bolick,
CIO, Aquent

Larry Bolick, CIO of Boston-based Aquent LLC, was never one to shy away from cloud because of security. He began investing in cloud services in 2009 in light of the recession. Count him among the believers that cloud providers have the capabilities and the incentive -- keeping customers and getting new ones -- to excel at security.

But that doesn't equal a total handoff of responsibility to the cloud provider on Bolick's part. At Aquent there is a biweekly meeting with legal and HR to discuss security concerns and third- party audits. One recent audit put some "nuts-and-bolts" cloud-related security activity on Bolick's 2014 agenda. His team will be looking into two-factor authentication for at least some employees, removing the need to worry about periodically changing passwords.

"We see that two-factor authentication is becoming more viable for at least a portion of the population, so we'll be looking pretty strongly at that in 2014," he said.

Not your father's IT service catalog

Security isn't Bolick's only concern for the new year. Also high on his cloud agenda is looking at integration issues. Many CIOs will be doing the same, Staten said.

The more Software as a Service applications a company has, the more integration challenges with the back office. IT leaders are beginning to ask: Why have scores of connections to the finance system instead of just one? Shouldn't all the SaaS applications do this in a uniform fashion? To remedy the situation, CIOs are reaching out to their enterprise architecture teams to create the architecture for hybrid computing. This entails deciding how the integrations will be carried out and which aspects of SaaS will comprise the company's "official" SaaS services.

"The same is so with cloud platforms: How are we going to manage and monitor the cloud? And oftentimes they'll bring in the operations team for that question," to figure out how to make ordering and consuming cloud services easier, Staten said.

Once the back-end components for these hybrid services are sorted out, the traditional service catalog requires modernization. Experts like Staten strongly recommend CIOs embrace the app store concept, but it had better perform up to the expectations set by the consumer market.

If the enterprise catalog doesn't meet the same user-experience and app-store ease people have come to expect, the corporate app store will be a turnoff and your IT organization will have zero credibility, Staten warned.

"The whole point of having a service catalog is not to stop people from using your IT services, but so that you can guide them to the right services," Staten said. "It's also to make the consumption of the service through the company easier and more efficient."

Business advantage at all costs

Perhaps the strongest evidence that 2014 will mark a watershed moment in enterprise cloud adoption is the way CIOs and their businesses are talking about cloud computing. Since it first became a buzzword, the top reason for going cloud -- cited in survey after survey and championed by vendors -- has been the low cost of entry. For a growing number of CIOs, however, the rush to cloud is increasingly propelled by their business' unrelenting demand for agile IT services.

Read more about cloud security focus and cost

Latest vulnerability tools assess security threats

Three big mistakes that will sink your ITSM program

Cloud security still an issue for CIOs, but change is coming

Bolick is an example. During the past few years, Aquent ran data processing operations in Singapore, Tokyo and Ireland. Prior to being in the cloud space, he said, it would've been a multiyear endeavor just to start those operations -- building a data center, contracting with a colocation vendor, and getting it all up and running. In the same amount of time, thanks to cloud, Aquent put up, ran and took down operations in all three locations. Cost was important but the agility was crucial.

"I wouldn't be surprised if folks were looking at the cloud space now and saying that saving some money is nice, but having the flexibility to do things so quickly is what's really important," Bolick said.

Gartner's Anderson agreed. "Cost is kind of a funny thing," he said. "Overall, most organizations say they're saving money by moving to the cloud, but they'll also tell you that, yeah, to accomplish what we really want, we're happy to invest additional money to meet our needs."

Let us know what you think about the story; email Karen Goulart, senior features writer.

Dig Deeper on Cloud computing for business

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Will your security focus include a look at bring your own encryption?