CCSK Guide
25Jan/12Off

Getting Executive Buy-In for Cloud-Based Projects

500px-Quill-Nuvola.svg

The majority of IT professionals are pretty well aware of the potential (and projected) benefits of public cloud storage. Cloud services offer attractive scalability of resources, competitive pricing, pay-per-use pricing models, reduced administration and render data accessible from anywhere. Furthermore, public cloud storage eliminates capital investments for servers and storage. IT professionals are freed from maintenance tasks and can concentrate on more important IT projects, which can result in substantial advantages for the organization.

Even in light of all of these attractive advantages, upper management can still be reticent to approve any cloud-based projects. This article takes a look at some points of focus when securing executive buy-in for cloud-based endeavors.

Think of the Savings

This strategy is a no-brainer. Focus your argument on one of the largest issues that management cares about, namely cost savings. One of the most popular reasons for organizations switching to public cloud storage is to adapt their capital expense model to an operational cost model.

Capital expense models involve purchasing servers and storage hardware every three to five years, while the operational cost of the public cloud is a monthly expense, proportionate to how or when the cloud is used. The latter option frees up capital to be invested in other areas.

Competitive Advantages

Cloud service providers are able to offer levels of availability that are far higher than what clients are able to provide themselves. After all, cloud storage vendors have architected high availability as a founding tenet of their service offerings. The reality is that most small to medium-sized enterprises operate with limited budgets and resources to even be able to compete with such levels of availability.

Buzz words like “flexibility” and “scalability” should also be presented to management. For instance, cloud service providers often offer their resources to clients on a pay-for-use basis, meaning that the organization will only need to pay for resources that are used. As the business grows, cloud storage costs increase proportionately. Should the business plans change, capacity and resources can be scaled back, reducing the related costs. This is the advantage of the public cloud; companies can quickly scale storage – almost at real time – and at a cost far below an on-site IT infrastructure.

Diminishing the Risk

Even though the arguments supporting public cloud storage are convincing, management will not be keen to proceed if the new approaches create new or added risk. It’s important that you are able to respond to these real or perceived risks with counterstrategies or alternative suggestions.

Data security is a top concern and should be spoken about even before management has to ask. There are a number of different data-centric approaches to privacy and security in the cloud that are worth considering. Note that the Cloud Security Alliance (CSA) recommends that data be encrypted in transit as well as at rest. Encryption brings some more control over the data back to the organization, as encrypted data in the cloud is unreadable by others who might happen to access it without authorization.

It is absolutely essential to address the issue of disaster recovery. Unfortunately, in smaller enterprises, many tend to ignore disaster recovery, hoping for the best, or making do with offsite tape vaulting. While this is a workable solution, tape vaulting brings with it high administrative and vaulting costs, as well as a slow retrieval process, should backups be needed. By contrast, cloud storage gateways access local caches to speed up retrieval times, as well as replicating data in real time to the cloud, which ensures that backups are rapidly secured offsite.

Finding the business case and securing management buy-in is the first challenge for IT project managers. According to Chris McLean, head of capability enhancement at the Project and Programme Academy at Fujitsu United Kingdom/Ireland in London: “The challenge with this kind of transformation project is understanding what the technology is and why the organization needs to consider it.”

Summary

This article offers recommended strategies for introducing a cloud-based project and successfully getting executive buy-in. It looks at issues that management would need to consider when debating a shift to the cloud: cost savings; productivity improvements; competitive advantages; and approaches for addressing and/diminishing risk.

CCSK Exam Preparation

In preparation for the Certificate of Cloud Security Knowledge (CCSK), a security professional should be comfortable with topics related to this post, including:

  • Enterprise risk management (Domain 2)
  • Provider selection (Domain 8)
  • Technical support (Domain 8)
  • Encryption practices in S-P-I models (Domain 11)

Enjoy this article?

Consider subscribing to our rss feed!

Tagged as: , , , , , Comments Off
Comments (0) Trackbacks (0)

Sorry, the comment form is closed at this time.

No trackbacks yet.

» «

Login

Sponsored Links

Tags

access control Amazon Amazon EC2 API audit authentication authorization best practices compliance contracts CSA data breach data breaches data security disaster recovery encryption EU google government IaaS IAM identity identity federation interoperability lock-in management Microsoft open source PaaS portability private cloud provider selection public cloud risk management risks SaaS security SOA standards threats trends vendors virtualization virtual machines vulnerabilities

Archives

Meta



Our mission: Provide reliable and accurate information to cloud security professionals seeking CCSK certification.



We expect individuals seeking the Certificate of Cloud Security Knowledge will find our information specifically targeted at their CCSK pursuit useful. Our test preparation software and forums give candidates a higher chance for success.

Thank you for visiting. Since you're new to the site:
  • Please review the user agreement.
  • Register for the site so you may use the testing services.



    • We hope you find this service useful, and good luck on the exam!