3 MIN READ
Security, compliance and cloud strategy at the IT Leaders' Summit
How is the construction of a cloud strategy begun? To what degree are a business’ core objectives the starting point, compared to technical aspects such as security and availability? And where do the nuances of modern business, such as GDPR and data privacy, feature on the priority list?
These were the topics of debate at a pair of roundtables Calligo and Intel hosted at Computing’s IT Leaders’ Summit in London. To set the scene and kick off the debate, we announced the key findings of independent research we conducted in January into the way cloud strategies are being built:
- A startling 34% of CIOs and IT Directors said technical security was their starting point when building their cloud strategies – making it by far the most popular.
- In fact, it was twice as popular as the far more strategic (and generally accepted, wiser) options of business objectives, compliance and data privacy, each of which were the starting points for only 17% of respondents.
- Security was also always the 1st or close 2nd consideration in the selection of cloud platforms (Microsoft Azure, AWS etc.)
- 44% of CIOs even admitted that they had made compromises in the commercials in order to accommodate their security preferences; 42% had compromised their ability to integrate with other technologies; and 41% sacrificed ease of compliance with data regulations.
In essence, a prevalence of overly technically-focused cloud strategies is leading to cloud deployments that are more expensive and difficult to manage than they need to be, and that are openly in breach of data privacy requirements. And in 2018, with GDPR only just over 100 days away, data privacy could be the third rail of business management.
The majority of the 40 delegates who joined us for our roundtables empathised with many of the statistics from our research. In particular, many recognised the feeling of regretting past or present cloud platform choices, having allowed themselves to make decisions on a tactical basis rather than a strategic one.
Interestingly, around the table, the IT leaders in companies from less regulated industries tended to have come closer to giving strategy and security equal emphasis. In contrast, those from more stringent sectors appeared to have felt compelled to push security higher up the agenda than other strategic considerations – and had suffered on cost and performance as a result.
…”those from more stringent sectors appeared to have felt compelled to push security higher up the agenda than other strategic considerations – and had suffered on cost and performance as a result.”
The most striking conclusion from the day however was the great irony of the situation. Too many IT leaders are misguidedly building their cloud strategies based mainly or even solely on security. This is largely out of a fear of fines, impact on corporate and personal reputation and potentially irreversible damage to the company. They do this while knowingly compromising their ability to comply with legislation – even though the impacts of a breach of compliance are exactly the same as for a breach of security.
To download our research on Making Your Cloud Strategy Fit for 2018 click here.