It's pretty clear-cut that the public cloud offers many potential benefits for the enterprise: cost savings, improved disaster recovery and the ability to create an on-demand infrastructure that lends itself to business agility.
Yet there are still many public-cloud-migration holdouts among CIOs, and their hesitation is still largely tied to security. As CEB points out, senior IT managers surveyed by the consultancy said that less than 10% of their total application hosting will move to the public cloud by 2015. Instead, these senior IT managers are going to move 50% of their apps to a private cloud. The reason, according to CEB? "Organizations underestimate the viability of public cloud hosting because of the model's current setbacks, such as security and privacy flaws."
As the CISO of a Fortune 500 global conglomerate between 2007 and 2012, Richard Dorough fought going to the cloud "tooth and nail" because he was averse to the security risks he believed proliferated in the public cloud. Today, as the managing director of cybercrime incident and response for PricewaterhouseCoopers, his outlook is drastically different. "Based on some of the enterprise company breaches he's seen in his current job, he's come to believe the data might actually have been safer in the cloud," wrote SearchCIO Features Writer Karen Goulart in her piece on security and mitigating cloud security risks.
Alongside a solid governance, risk and compliance strategy, CIOs will have to rethink their information security and data privacy model due to cloud, social media, consumerization and mobility -- all of which stand to create tremendous business value … and, at the same time, risks.
And for risk-wary CIOs, that's the silver lining. As IT and business strategy expert Harvey Koeppel explains in his article on laying the groundwork for a solid GRC plan, forward-thinking CIOs will be able to segue risk management strategies into business value.