Based on a recent study, it was found that over 60% of companies consider a move to the cloud as a board level strategic decision. In the same study, over 30% of companies found IT, including security, to be an obstacle in the transition. When it comes to moving to the cloud, as security experts, we can take the approach of a leader, an inhibitor or an observer. Specifically, we can either lead the effort for a secure cloud strategy, react to and find fault in all the decisions of others, or just get left out of the conversation.
It is easy to look at cloud as another on a list of threats and risk that we have to address. However, moving to the cloud may be a chance to address the important issue, how we protect our data. With the basic responsibilities of managing a system transferred to the cloud service provider, we have more time and resources to focus on the design and acquisition of controls needed to better protect our information.
Many recommendations across the internet say to not keep your information on the cloud. Fair enough, but it's the same as if you asked, "How not to get my house burned down?" and the answer would be, "Do not have a house." The logic is solid, but a better way to translate such advice is, "avoid storing sensitive information on the cloud." So if you have a choice, your cloud strategy can include keeping your non-crucial information in the virtual world, and critical, sensitive and PII data in designated hosting environments.