This week I attended the Symantec Vision conference in Barcelona and also took part in a panel discussion on cloud computing at their CIO Engage event. The content I heard at both events resonated strongly with me. It was relevant to both my internal role at Fujitsu as Chief Information Officer (CIO) and also my market facing guise as Chief Technology Officer (CTO) trying to ensure that our market offerings are relevant and evolving aligned to the demands from our clients and the market in general. Indeed it was at the Symantec CIO Engage that I was also effectively “outed” in responding to a question put to the panel as having a third role within the organisation, that of Chief Security Officer (CSO). The intertwining of all three role perspectives I guess in retrospective was inevitable given the breadth and nature of Symantec’s product range, combined with the pervasive market dynamic force of cloud computing.
The question with which every CIO I met during the week was grappling can be summed up as “how do I access the business benefit promised by cloud computing at an acceptable level of risk and return to my company”. My proposition on the panel was that CIOs fundamentally know how to manage this market inflection point and that the disciplined approach was far from new and scary. The crux of the matter being what corporate IPR should be exposed to obtain the desired business outcomes to an appropriate level of risk and financial return whilst ensuring that all the data implications were guided by the trinity of security, privacy and residency.
A group of CIOs with extensive off-shoring experience ended up concluding over a drink or two one night that we knew how to handle this challenge. Our conclusion was that our experience of managing the arrival and maturation of the off-shoring dynamic which is common place in the market today placed us in a good position to do navigate our companies through the cloud.
One area where there was universal agreement, was that we need to evolve new solutions, technology, process and procedure around updating our data management capabilities to reflect the flexibility and associated risks of cloud computing. There was specific focus from all on how we ensure that data is appropriately processed, stored and transmitted as part of the move (at a rate on which none of us could agree!) towards business process orchestration in the cloud and its far reaching implications. There was agreement that some of our existing strategies in the security arena of creating layered defences from different vendor toolsets to avoid the “too many eggs in one basket” management of risk were probably not sustainable moving forwards. The example I raised with the group (in case someone had a neat solution for me!) was my having an estate of endpoints all nicely encrypted with one vendor’s toolset represented a barrier to my implementing a sophisticated Data Leakage Protection (DLP) solution provided by another; the DLP toolset cannot interrogated my encryption solution and if it could well arguably that would see me with a different immediate challenge entirely! To me it is clear that the technology company that can help us manage data as it is processed/transits multiple clouds whilst providing the many levels of assurance required depending on the data entity value is going to have a queue of customers; you’ll not be at all surprised wearing my CTO hat that I am actively engaged in the Fujitsu Group response to that challenge and opportunity!