If you missed an article posted by Eric M. Fiterman, and published in the Government Information Security blog recently, then you need to read about this information security concern when data is moving around in a Cloud Computing environment.
This topic is required reading for any risk manager or member of a business continuity or contingency planning committee who is charged with making a decision about information security for their organization.
Today many CIO’s are witnessing their Information Security budgets being slashed, their projects being postponed, and their IT departmental employee levels being down-sized.
Beyond the pressures of our economic downturn, we believe that too many CIO’s are still struggling to articulate the real and measurable value of their security programs and thus better justify their information security budgets to their Board of Directors or executive managment leaders in charge of risk management. Too often the reason for that struggle is that not enough attention is being paid to communicate real value and measurable dollars in those presentations to upper management.
A recent article written by Khalid Kark, a contributing writer to Computerworld, offers a way for those CIO’s to make a better business case presentation to their executive risk management teams, and, also other senior level executives and directors. Depending on the particular needs, this article offers a detailed discussion and value-added approach to five (5) categories that make the case for continued investment in an organization’s information security program(s) — e.g. revenue, reputation, regulation, resilience and recession.
Cloud computing has been in the news again for having an outage on Sept 1, 2009. In an article by Christina Torode, a contributing writer for IT Knowledge Exchange, the issue of losing track or control of your organization’s data, when the cloud computing is not available remains a serious risk management question not yet answered.
All business continuity planners and risk managers responsible for information security and IT Service Management in every organization should be aware of this element of cloud computing risk.
