Today EY released our whitepaper titled Building Trust in the Cloud: Creating Confidence in Your Cloud Ecosystem. This piece of thought leadership represents the culmination of collaborative thinking from many of our firm’s foremost leaders in technology and business and provides a clear set of considerations and recommendations for building trust in the cloud.
Unlike many industry publications that talk about the risks and roadblocks of moving to the cloud, this publication changes the dialog to thinking cloud first. The guide provides a cloud trust framework – built upon our knowledge and experience with working with some of the world’s largest and most complex Cloud Service Providers (CSP) and Cloud Service Consumers (CSC) – for creating an ecosystem that has a trusted design, trusted execution and trusted certification. We believe that all cloud environments should strive to be secure, trusted and audit-ready but it does take the know-how to weigh the risks and address them appropriately so they do not put the business in jeopardy.
We also introduced the concept of the cloud ecosystem. Previous thinking on the subject has primarily focused on either the CSC or the CSP. While both parties are important, they are two pieces of the puzzle that must fit together and work in harmony and not at odds. We have recognized that a trusted ecosystem can only be achieved when the two parties work together to build trust into their respective environments, thereby creating a trusted ecosystem of controls.
Click here to download your copy of Building Trust in the Cloud: Creating Confidence in Your Cloud Ecosystem. I would love to hear what you think.
Lastly, this publication was a collaboration of many authors, editors and contributors. Many thanks go to the following people for your dedication to making this publication a reality: Michael Schultz, Kaushal Toprani, Glenn Moraven, Fawaad Khan, Damien Haygood, Jun Jiang, Eli Tsinovoi, Bharat Mody, Subodh Jadhav, David Nichols, Bryant Hennessey, Andrew Hall, Snehal Kasal, Abhinav Sharma, Aditya Sharangdhar, Rohit Dasgupta, Paul van Kessel, Bob Sydow, Mal Postings, Greg Jenko, Terry Jost, Molly Parsons, Steve Schultz, Stephanie Nickerson and Kavita Sharma.
Here’s an excerpt to get you started…
Fifteen minutes and a credit card. That is all it takes for anyone within an organization today to set up a cloud solution. This ease of access is one of many reasons individuals, business units and departments are using cloud service providers with increasing frequency.
In late 2013, International Data Corporation (IDC) released a forecast anticipating that worldwide spending on public IT cloud services would reach $47.4 billion. By 2017, its forecast suggested this number would exceed $107 billion.
Yet, despite the rapid escalation of cloud services use, many IT executives remain hesitant to endorse a “cloudfirst” approach. Worse, there are some who refuse to adopt any cloud-based services at all, citing security and privacy concerns, operational challenges or inability to control information once it leaves the perimeter. According to a Forrester Research survey, 50% of businesses in Europe and North America identify security as the number one reason for not having adopted cloud computing.2 Respondents to Under cyber attack: EY’s Global Information Security Survey 2013 mirrored this concern, with 25% reporting that cloud computing use had most changed their risk exposure in the last 12 months.
Unfortunately, this attitude can increase an organization’s risk rather than mitigating it. In order to meet fierce competitive demands and new business requirements, many organizations have found internal stakeholders will procure cloud computing services directly, without involving IT experts and thus leaving the associated risks unmanaged.
So what should IT executives do?