I am going to say it out loud: Can we get past the niggling over who is supposed to safeguard your customers’ data in the cloud? Please? No single component of a cloud services deployment is without potential for a security breach, starting with your customer’s employees and stretching right up to the guy in the physical security control room at a major public cloud provider. Rather than wasting our breath blaming each other and debating whose responsibility it is, how about we make a plan.
Here is the bottom line: YOU are the solution provider, and you work hard to earn that title of “trusted advisor” or “virtual CIO.” With that designation comes the reality that YOU are where the buck stops. As part of any deployment, on-premise or off, it is your job as the technology expert to consider all the angles, poke all the cracks in the system, and create not only technology solutions to those potential security gaps, but make sure your vendors and your customers toe the line.
When it comes to your vendors, that means you need to ask the right questions – from how they physically secure their data centers to how they leverage technology in those server farms to encrypt and protect your customers’ info. On your customer side, leverage your own knowledge, your vendor education resources and peer and trade organizations to research and codify a set of cloud security best practices that you then share – and train on – in your customers’ environments. Don’t tell me you don’t have time to do that; add that value to your managed services or cloud services bundle and make some money on it, but more important, it is incumbent on you as their technology partner to do it.
Now please, in 2013, let’s talk about strategies to make the above efficient and profitable instead of stomping your feet and complaining that “insert cloud vendor here” isn’t securing the data well enough.