Striking a balance between CFOs and CIOs on cloud cost savings and risk…
Pressure to look to the cloud, and its potential for cost-effective IT delivery, comes from all areas of the business. But who is more concerned about information security?
Is the CIO the executive who is most anxious about data moving beyond the corporate firewall and into the cloud, or is the finance director more worried about risk?
"There are multiple constituents," suggests Rebecca Jacoby, global CIO at networking giant Cisco. "By nature, a big part of a CIO's job is risk management and an understanding of specific security concerns. When it comes to the cloud, security is a real risk and the technology isn't necessarily at the right level for most organisations at the moment."
Jacoby recognises that the broader technical architecture of business is changing quickly. But while the cloud is starting to gain momentum, substantial change could take as much as 10 years. Jacoby says security is definitely a key element in the development of the cloud and will continue to move up the executive agenda as on-demand becomes an organisational necessity.
"The pressure from the business will be for CIOs to deliver the cloud because it is seen as a lot cheaper," says Jacoby. "But while CFOs like you to be cheaper, they're even more concerned about risk. Whenever I talk to the board, it's always the finance guys that organise the risk and resilience meetings. There's different and conflicting pressure from executives across the business and the cloud is all about consciously managing the risk."
So, does that focus on risk mean the finance director is the executive who is most anxious about information security and the cloud?
Cloud security breach of concern to all senior management
Not according to Paul Hanley, director of information security at KPMG, who disagrees strongly with the premise that responsibility for the cloud falls on the CFO's shoulders and suggests a serious security breach is a concern to all senior executives.
"Each of these executives perceives risk, and the impact of a security incident, in subtly different ways," he says. "If there is a breach, the CEO's primary concern might...