As cloud computing continues to evolve, I've noticed one major difference in the IT executive thought process. When I was meeting with Fortune 500 IT executives a few years back - around 2008 - they had a lot of concerns about cloud computing. They were particularly concerned with security. Inevitably, security would become a main point in any cloud computing conversation.
Cloud computing was still in its infancy and, at the time, IT executives were not getting as much information from partners on their security programs. This left IT executives with a host of questions around cloud computing and security, including:
- Where my data will be stored?
- Who has an access to my data? Are they employees of the company or a contractor?
- What types of controls you have in place? Physical, personal and logical controls, etc.…?
- What types of audit and compliance certifications do you have in place?
- What type of data encryption you provide?
- How you will segregate the data while it is at rest?
- What are your disaster recovery and business continuity plans?
Over time, things have changed. Now, most cloud solution providers are in compliance with current security requirements, and they have major certifications in place such as SSAE16/ISAE3402, PCI DSS, SOX, HIPAA and more. Cloud solution providers have also become more sensitive to PCI, HIPAA, FISMA and other federal regulatory and compliance requirements.
Much of this shift has to do with the maturation of cloud computing and how the industry has grown over the last five years. During the cloud's evolution, most of the major security concerns of IT executives have been addressed, and they are now more comfortable in trusting the cloud. It's similar to online banking in the early- and mid-90s. At the time, security concerns kept a lot of people from using online banking, but now those security fears are mostly gone.
Now, instead of every conversation shifting to the security of the cloud, IT executives ask more detailed and more educated questions. They ask about the ROI impact of moving particular workloads to the cloud. That's not to say that security isn't still a major consideration in the cloud, but it's no longer the main hurdle. IT executives now inquire about the cloud's benefits, including:
- Speed to deployment
- Ease of use
It appears that cloud computing has passed the hype cycle and is now a true reality. According to IDC, 80 percent of new commercial enterprise applications will deploy on either public or private cloud platforms.
What a difference five years can make.