My colleague Doug Cahill and I have been following the development of cloud security for the past few years. What we’ve noticed is that many organizations tend to track through a pattern of actions as their organization embraces public cloud computing. The sequence goes through the following order:
1. The pushback phase. During this period, CISOs resist cloud computing, claiming that workloads won’t be adequately protected in the public cloud. This behavior may still occur for late-comers or very conservative firms, but the cloud computing ship has definitely sailed at most large enterprises. In other words, CISOs aren’t given an out clause, rather they must figure out how to secure cloud-based workloads whether they like it or not.