Adrienne Hall writes on the Microsoft Trustworthy Computing blog:
Years ago I was a part of a team in Microsoft that did a lot of work in the hospitality sector. At that time hotels were Internet-enabling their chains and the business decision they had to make was whether to invest in big TVs or more of a laptop and power desk arrangement. And it was a big decision affecting entire remodel and refurbishment plans for years to come. Some companies made a choice and picked one over the other. Others created a hybrid approach, experimenting with both the TV and desk accoutrements to gauge guest interest over a defined period of time before making a final commitment.
So what has this got to do with the cloud? My point is that just like companies considering a move into the cloud, the hotel chains I worked with had to make a decision that hinged on taking all the relevant factors into account and picking a direction that balanced their needs today with what they anticipated their needs to be in the future.
Like any other decision, the right cloud set up is a balance. I think it’s about the realities of each unique business, weighing risks against the potential to do things in new and interesting ways, and trying to find that right balance.
In talking to folks at conferences, it’s clear that people grapple with how to evaluate the security and privacy aspects of the cloud and how these relate to companies’ existing risk profiles.
It’s important to keep in mind that even without the cloud there are risks for organizations today – whether it’s starting up a business, entering a new segment or geography, acquiring or divesting of business lines, evaluating new online services to add for citizens etc., – there are benefits and challenges in whether applications and infrastructure are hosted on-premise, off-premise or a combination of the two.
Organizations need to evaluate what their risk tolerance is, and what risks are acceptable to them. A business may decide they’re comfortable with managing some, but not all customer records in the cloud. For example, history such as items purchased may be fine, but purchase amounts may not. Or they may decide that they’ll put all customer records in the cloud, but they may choose a private cloud instead of a public or multi-tenant, cloud offering. Or, based on the customer application and how it has been designed, they may be entirely comfortable running it in a public cloud. There are many choices and it’s important to evaluate what will be optimal for each organization. In considering options, there is also that desirable attribute of choice; deciding what to select that’s best for you.
Moving beyond risk, there’s a lot of potential that the cloud offers to organizations. In addition to providing the agility valuable to organizations, cloud computing can also ease the burden on lean IT departments. For example, putting the responsibility for data maintenance into the hands of cloud security professionals can help free up IT departments to do what you initially imagined they would do: develop the innovations that push your business forward.
Check back with us soon as we continue to examine the security, privacy and reliability angles of cloud computing.