Chief information officers (CIOs) and IT leaders are at a crossroads, as businesses still emerging from the global recession face uncertainty over which direction to take.
This is according to Gartner research VP, Tom Scholtz, in an interview with ITWeb last week. Scholtz, based in the UK, was speaking ahead of the Gartner Symposium IT Xpo 2011 scheduled for 23 to 25 August in Cape Town.
Scholtz said this year's expo seeks to urge IT leadership to forge a new conception of the IT organisation and its relationship to the enterprise.
“With almost half of CIOs planning to move the majority of their applications and infrastructure to the cloud within the next five years, organisations have a rare and valuable opportunity to re-imagine IT - and consider how existing resources can be deployed and leveraged in a whole new way.”
He said in the aftermath of the global recession, businesses are not only looking at cutting costs but are also looking for growth opportunities.
In that vein, Scholtz believes CIOs and IT leadership must play a critical role in explaining the risks that come with new growth initiatives.
IT obstacle
“CIOs must understand that while IT can be a key partner for business to exploit new trends, it can also be an obstacle that can come with risks in business,” he added. “They should explain the risks that come with these new trends; however, they should not do this in an alarmist way.”
Scholtz also believes that besides cost, the other biggest challenge facing IT leadership is helping business understand the value of IT in non-technical terms.
“Cloud computing and SaaS [software-as-a-service] bring unique data control, compliance and vendor viability risks that are difficult to assess and control.
“Organisations considering cloud-based services must understand the associated risks; defining acceptable use cases and necessary compensating controls before allowing them to be used for regulated or sensitive information,” he pointed out.
According to Scholtz, some organisations lack security resources that adequately match all the technological implications of cloud-based technologies.
He is of the view that this could be solved by some targeted investment in research and training on the security characteristics and requirements of scalable virtualised platforms.
Cloud variations
Scholtz also urged CIOs to understand the different cloud computing variations and their unique benefits.
“However, when considering public cloud services, it is not just a question of the security professionals having the requisite skills, but also whether the context will allow the security professionals to perform an adequate assessment of any cloud services under consideration,” he said.
“Specifically, will the security professionals have adequate access to the environment of proposed providers to assess the security processes and controls that the provider has implemented?
“And once a public cloud service is acquired, will the security professionals be able to perform periodic assessments to ensure that trust in the provider is maintained?” he said.
Scholtz also believes that the other possible challenge is the ability of the security professional to articulate the residual risk of a cloud environment in a non-alarmist manner that the business will understand.
“Security professionals have a duty not to be obstructionist, but rather to be a key team member in any cloud computing initiative,” he said.