Is this: “A portion of the cost savings obtained by Cloud Computing services must be invested into increased scrutiny of the security capabilities of the provider, application of security controls, and ongoing detailed assessments and audits, to ensure requirements are continuously met”
There's no question that some companies can save a lot of money by using Cloud services. But saving money on paper versus the real world is two different things.
If you find a way to save some money via Cloud ask yourself:
* what capabilities are you going to use to Verify identity, access and data to and from the Cloud?
* what Visibility do you have into the identity, access and data to and from the Cloud?
The answer in both of these cases almost guarantees that your organization requires new technologies for Verifying identity (such as STS and XACML PEP) and for Visibility (such as Monitoring services and Gateways). They will need to be mapped to the Cloud providers that you are working with as well.
So given the hypothetical $100 cost savings, some portion of that $100 savings needs to be invested in Verification and Visibility capabilities. Otherwise the cost savings are as illusory as cardboard desks.
Comments