We just completed our first week of our breakfast roundtable series on Virtualization and Cloud Security. I've had the opportunity to speak with about 60 of our member CISOs during this first week and I've picked up a few notable points.
What I found interesting from a number of our members in one particular chapter is the fact that their firms found moving to the cloud to be more expensive than hosting in-house. Their key decision factor for not moving to the cloud was NOT security-related, but cost. For most of our other members, they've found that the cloud providers are still giving the old "You're the first company to ask for that.." line when firms ask for more security and privacy controls. And yet, some are finding the vendors more willing to negotiate security and privacy control terms in the contract. It seems to depend in the size of the buyer.
A major concern of many of our members is the lack of visibilty into the cloud environment and the challenges of doing effective audits after the contract has been signed and the service turned on. This stems partly from firms not having sufficient audit resources and also from a reluctance of the cloud providers to give open access to auditors.
I look forward to our remaining 3 weeks of roundtables on this topic. I expect to learn much more and will share my thoughts through this blog and on our LinkedIn group.
If you are not yet registered to participate in our roundtables, make sure to log into your chapter page and register today.
