In 2009, the Cloud Security Alliance (CSA) was announced and version 1.0 of their Security Guidance for Critical Areas of Focus for Cloud Computing best practices guidance was published. Full disclosure - I was a founding member of the CSA.
Ten years ago, many executives and technical people were not sold on the idea of cloud computing. Many were quite suspicious of the security capabilities of cloud computing, and in fact thought secure cloud computing was an oxymoron. A decade later, cloud computing is dominant and proven, and many of the early concerns about security have been obviated. That’s not to say that there are not significant information security concerns with cloud computing. But most of them are surmountable if implemented correctly.
In Secure Cloud Transformation: The CIO'S Journey (IT-Harvest Press 978-1945254208) editor Richard Stiennon has gathered an all-star cast of CISO’s and CIO’s who have written about their success stories around cloud computing. They bring their extensive knowledge to each chapter and provide significant insights into how to turn a cloud project into a successful project with a happy ending.
The 11 chapters from 16 contributors are broken into 4 sections: Transformation Journey, Practical Consideration, CIO Mandate, and Getting Started. Personally, I would have placed the Getting Started section at the beginning of the book, as it provides a better context. Each of the chapters details specific cloud computing challenges and successes that the author faced.
This is definitely a book that highlights the main successes of cloud computing. But the authors also detail many of the problems they ran into while trying to deploy cloud solutions.
Most of the authors are from very large firms, so their advice is primarily cogent for similarly large companies. Smaller firms may not need such complex enterprise cloud solutions, as their needs for IT transformation may not be as great.
Two of the chapters I found most interesting were from Bruce Lee, former CIO of Fannie Mae and Larry Biagini, former GE CTO. Lee shows how the cloud model has changed information security from control-based, to a risk-based model. This in turn changes the role of the CIO to a much broader mandate, shifting from a delivery executive to a business and security executive. To that, the rapid increase in cybersecurity threats are cited to be some of the top priorities for the CIO, to which cloud computing can controls many of those risks.
Biagini take a similar approach and shows that information security staff must turn into people who understand risk, to understand what their highest risks are, and put their mitigation into place that allow those highest risks not to actually occur.
This is a good-high level book about the transformative power of the cloud. It’s isn’t and not meant to be a tactical or technical guide to actually doing that. But for those whose management need convincing that the cloud is real, effective, secure and can possible save them significant time, effort and budget, Secure Cloud Transformation: The CIO'S Journey should be on their reading list.