Cloud Computing: Train the Business?

This week, I had the honor of making a presentation to a group of CIOs at a cloud computing conference in Dallas. My presentation focused on the legal and compliance implications of operating in the cloud. During a workshop at the conference, I had the opportunity to talk with several CIOs and senior managers about the greatest challenges they face in cloud computing. They expressed concern over vendor responsibility, reliability, and the other usual suspects. The consensus, however, on the most significant challenge was the need to educate or train their business people about the risks of cloud computing.



As one manager pointed out, if it was ten years ago and someone talked of outsourcing a business function, the business would take a step back and really assess the ramifications of the proposed engagement. Fast forward to today, if someone proposed moving that same function to the cloud, many business people would not have the same reaction. Hence the need for education and training.



The point we discussed is the need to ensure the business looks at a proposed cloud transaction in much the same way as an outsourcing engagement, with the same level of risk. It is for this reason that a noted security expert has referred to cloud computing as “swamp computing”. The point was not to denigrate cloud computing. Rather, the expert wanted to make clear these engagements are not the lofty, ethereal subject of the heavens that their name implies, but earth-bound, in the mud, transactions that require careful consideration and management. The managers I talked with agreed. Education is the key to ensuring these engagements are viewed in a more realistic manner.