Every company wants to put a cloud strategy in place. The question is whether the strategy will take advantage of the transformative benefits of cloud or limit cloud’s role in order to minimize change. Many of the largest, most historic companies in the world are reinventing themselves as technology companies, and cloud is at the heart of new developments in enterprise computing. General Electric plans to migrate 9,000 applications to public cloud Infrastructure-as-a-Service (IaaS) in the next few years. In this issue of CIO Corner, we look at the different ways companies are approaching cloud and whether there is a right or wrong strategy.
Financial services firms were initially skeptical of the cloud because of security concerns. Then the cloud ecosystem matured to accommodate the most rigorous controls like threat protection and BYOK encryption. Financial services organizations began investing in cloud platforms to make employees more productive, products more scalable, and data more secure. Capital One, a top 10 U.S. bank, understands the importance of technology as a competitive differentiator. Almost all new technologies, from the Internet of Things (IoT) to AI, function best with cloud. When a company like Capital One modernizes their IT environment, cloud is the natural choice to take advantage of current and future innovation.
Capital One rides the cloud to tech company transformation | https://t.co/7etYl9Tvnj
— Scott Fenton (@sdfenton) December 5, 2016
IT professionals remain conservative, and private cloud offers a way for departments to apply their expertise with private infrastructure. Experts question whether the decision to lean towards private over public cloud services is rational or based on uncertainty and anxiety about the new model. Fifty eight percent of companies expect cloud to contribute top-line revenue growth, and public cloud benefits are especially significant when it comes to developing new business applications. Five million developers currently use the cloud as a development platform, and the number will nearly triple to 14.2 million in the next year. The number of virtual machines in the cloud grew 20 times in the past year, according to Gartner. Analysts do not expect private cloud to go away, but they do question the benefits of companies clinging to private cloud.
The private cloud is for suckers https://t.co/mZaCxBS5Ce
— Mark Brewer (@brewerma) December 5, 2016
Technologies with huge potentials to transform society give IT security pessimists anxiety. IoT promises to play a major role at home and in the workplace, but security standards have not matured – as the Mirai botnet proved by taking over IoT devices with default passwords to conduct DDoS attacks. Much of our critical infrastructure relies on outdated systems potentially vulnerable to cyber attack. Last year a New York state dam became the target of Iranian hackers, and Russian hackers successfully knocked out power for hundreds of thousands of Ukrainians. Ongoing vulnerabilities combined with increased tensions over state-sponsored hacking worry experts that a breaking point is near. The one silver lining: analysts expect ransomware attacks to decrease in 2017. Backup systems exist to mitigate the attacks, but many companies struggle with limited resources to prepare for an attack.
— Mark W. Bennett (@newfrontiercio) December 5, 2016
Healthcare companies are at the center of the Ransomware trend, but they will face new challenges in 2017. The expanded attack surfaces ushered in through cloud and mobile usage will force healthcare companies to modernize security architecture beyond the firewall or network proxy. While cloud does offer potent cybersecurity capabilities through a combination of cloud provider capabilities and third-party control points called cloud access security brokers (CASB), there is an adjustment period. Industries are adapting to the new threats, but it may get worse before it gets better.
— Bill Swavely (@bswavely) December 5, 2016
Organizations in all industries, from healthcare to the public sector, worry about the security of their business partners. Whether it’s a supply chain vendor, marketing agency, or management consulting firm, every company has third parties and contractors with which they need to exchange data. 9.3 percent of files shared outside of a company contain sensitive data. The company lending data has little control over or assurance of the cybersecurity capabilities of the vendor. Government CIOs are asking for the power to limit interaction with vendors lacking security capabilities. In the private sector, leading technology companies united on a Vendor Security Alliance. While both of these initiatives are promising, organizations are not always aware of every vendor they exchange data with, especially in the case of connections through cloud services. The average company connects with 1,555 partners through cloud applications. The IT security team can start by limiting access to data from personal email addresses or even whitelisting trusted partners to receive data online.
CIOs push Congress for power to halt cyber-deficient contracts https://t.co/cUUelq6esa
— Bill Marion (@Marion_CIO) December 5, 2016