
Information security roles and the cloud

A recurring theme I hear at conferences is that security teams can’t fight the inevitable shift to cloud computing, and instead need to figure out ways to adapt. This message was echoed at RSA Conference 2012, where a panel of CISOs urged the industry to get ahead of the cloud trend and ensure cloud services are adopted securely.

With its potential to slash IT costs, cloud computing is driving fundamental change in organizations, said Jerry Archer, senior vice president and CISO at Sallie Mae. “Everyone in this room will be impacted by it,” he told attendees.

That got me thinking: How will information security roles change as cloud computing becomes more prevalent in the enterprise? Do security pros need to worry about looking for other lines of work as security responsibilities shift to public clouds?

Industry experts I talked to see security pros continuing to play an important role as cloud adoption accelerates. After the RSA panel, Archer told me that security pros may need to acquire additional knowledge, for example in the area of contracts and law. But security is necessary and those with security expertise become “the gatekeepers” in this new IT environment, he said.

Cloud Security Alliance Executive Director Jim Reavis said security roles will change depending on the organization – whether it’s a cloud provider or cloud consumer. Providers will need to be able to provide the whole stack of security expertise and technologies while consumers will be looking to leverage higher layers of the cloud stack – SaaS and PaaS. For security pros working at organizations that are cloud consumers, this will mean a shift away from operational skills to application skills and closer work with business units, he said.

“I don’t think IT teams or security teams will disappear because of cloud,” Reavis said. “If you’ve got security expertise, you’ll be well employed for many years to come.”

Randall Gamby, information security officer for the Medicaid Information Service Center of New York (MISCNY), told me he sees security’s role falling in the vendor management space when it comes to cloud. Security professionals need to help organizations ask the right legal and technical questions of a cloud provider to ensure their data is protected.

“Being able to set up criteria to judge a cloud vendor and understand not only the services it offers, but the risks it may pose is important,” he said.

How do you think information security roles will change as cloud services become more prevalent? Leave me a comment below.

Join the conversation



Should the CIO be in charge of infrastructure and the CDO in charge of data?
It is high time this came about. It is too much for the CIO to handle both the infrastructure and the data for an organization. Both these require slightly different approaches - CIO needs to be a little more conservative and take calculated risks to succeed whereas the CDO needs to be more of a change agent and innovator since the success of his/her initiatives is going to fundamentally change the organization's process and impact people directly in how they have been doing business.
Umm, isn't a CIO a Chief INFORMATION Officer... and digital beat you to it, they already have a CDO... a Chief DIGITAL Officer. A CTO is normally your techy infrastructure leader; the CIO should be setting strategy, vision, etc. The grab for new C-level titles is hilarious!
Right brain/left brain
Should CIO become Chief Information Infrastructure Officer?
Sounds like a good split. The next question will need to be "to whom these or each report to in the organization pyramid ?" Who will own the aggregated responsibility?
Data is the new "gold" and should be handled separately
The key question is not this one. New CIOs with a real and effective business role within the organisation can be both, no? In a huge number of European companies, CIO is actually already only a "head of infrastructure". CIO and CDO is the same function, an information service provider sustaining business processes operations and strategy with data, information, big data or any kind of other applications and resources. What about the CTO/CIO or COO/CIO dualities? We just need smart CXOs, whatever the X stands for.
Information must be out from IT hands, that implies leaving to a BICC for example, the management for necessary tools to transform data into information, IT just must provide the infrastructure service.