As enterprises continue to seek scalability, flexibility and efficiency in their technology stack, cloud platforms become very attractive. For many organizations, the strategy for information technology is to adopt cloud-based services first and seek on premise implementation as an alternative if cloud options do not meet business needs. While in some cases a cloud service may be more secure than a similar service hosted internally, this is not an assumption that can be applied universally.
It is critical for information security professionals to understand cloud computing, the various models and associated risks. Additionally, information security professionals must develop strategies that empower the business’ consumption of critical cloud services while adopting the necessary security measures, balancing the risk versus reward of cloud computing.