The document discusses the evolving role of cloud computing and information security, highlighting both opportunities and risks associated with cloud adoption. It emphasizes the shift from capital expenditures to operational expenditures and the need for a collaborative approach in governance and risk management. Additionally, it raises questions about data centralization, compliance, and the implications of cultural and organizational changes in adopting cloud technologies.

1. Cloud & InfoSec’s
Collaborative Role
CISO Collaborative – Mountain View, CA
May 25, 2010
Tim M. Crawford
S

2. Tim Crawford
S 20 Years in Information Technology
S Global 1000 & Fortune 500
S Board Member & IAB Chair: Data Center Pulse
S Co-Chair: SVLG Data Center Efficiency Summit
S Core Member: Data Center Efficiency Consortium
S Global Speaker: Cloud Computing, IT Strategy, Data Center
Efficiency
S International Strategic Advisor
May 25, 2010
2
©2010 Tim M. Crawford

3. Cloud Metrics
S
60% Using Cloud in Next 3 Years
S
57% Driven by IT, 39% Driven by Business Units/ Executive Team
S
Market Share
S
S
S
S
Cloud as a Country
S
S
IDC: $44.2 billion by 2013
Gartner: $150 billion by 2013
GIA: $222.5 billion by 2015
Telecom & Data Center energy, 5th in world
Impact from CSR Programs
May 25, 2010
3
©2010 Tim M. Crawford

4. Cloud Governance
S Impact on Culture and
S Legal, Financial,
Organization
Reputational Risk
S Process Changes
S Compliance, Regulatory
S Technological Shift
S Compartmentalize
S Vendor Management
S Business-centric (Business
Value)
May 25, 2010
4
©2010 Tim M. Crawford

5. Opportunities
S Cost
S Movement from CapEx to OpEx
S Flexibility
S Scalability – Up…and Down
S Responsive
S Business Driven
S IT Focus
S Technology-Centric  Business-Centric
May 25, 2010
5
©2010 Tim M. Crawford

6. Risks
S Industry Maturity
S Audit
S Cloud Providers
S Flexibility
S Internal IT Organizations
S Paradigm Shifts
S Control
S Compliance/ Regulatory
S Compartmentalize
S Legal System Changes
S International Implications
May 25, 2010
6
©2010 Tim M. Crawford

7. Evolution of Data
May 25, 2010
7
©2010 Tim M. Crawford

8. Evolution of Data
May 25, 2010
8
©2010 Tim M. Crawford

9. Evolution of Data
May 25, 2010
9
©2010 Tim M. Crawford

10. Data Impact
Clients
Data
Risk
Past
Centralized
Centralized
L
Recently
Distributed
Centralized
M
Now
Distributed
Distributed
H
Future
Distributed
Distributed
?
S End of Data Warehouse?
S Compliance/ Regulatory Effect…changes?
May 25, 2010
10
©2010 Tim M. Crawford

11. Myth vs. Reality
S Is the Cloud Secure?
S Are SLA’s Relevant?
S Is All Data Treated Alike?
S Are Significant Paradigm
S What about Vendor Lock-In?
S Are There Contractual
Shifts Really Necessary?
S Are There Organizational
Implications?
Limitations?
May 25, 2010
S Culture Changes
11
©2010 Tim M. Crawford

12. Significant Decision Matrix
S Public vs. Private Clouds
S Contract vs. No-Contract
S Freemium vs. Pay
S SLA vs. No-SLA
Versions
S CapEx vs. OpEx
S Buy vs. Build
S Risk vs. Opportunity
S Variable vs. Fixed Costs
May 25, 2010
12
©2010 Tim M. Crawford

13. Approaches
S Block All – Drive Fear
S Go For It! – Ignore Risk
S Collaborative Approach
S Compartmentalize
S Balance Opportunity/ Risk
S Provide Objective Guidance
May 25, 2010
13
©2010 Tim M. Crawford

14. Bottom Line
S Significant Opportunities… when applied correctly!
S Cultural Changes
S Consider Organization, Process and Technology Impact
S Use Holistic Approach
S Don’t Fear Risk – Be Objective and Transparent!
May 25, 2010
14
©2010 Tim M. Crawford

15. Contact Information
S Tim M. Crawford
S Twitter: @tcrawford
S http://timcrawford.org/
May 25, 2010
15
©2010 Tim M. Crawford