David Menninger's Analyst Perspectives

Cloud Computing Realities Part 4 — Security and Governance

Posted by David Menninger on Dec 21, 2022 3:00:00 AM

In previous perspectives in this series, I’ve discussed some of the realities of cloud computing including costs, hybrid and multi-cloud configurations and business continuity. This perspective examines the realities of security and regulatory concerns associated with cloud computing. These issues are often cited by our research participants as reasons they are not embracing the cloud. To be fair, the majority of our research participants are embracing the cloud. However, among those that have not yet made the transition to the cloud, security and regulatory concerns are among the most common issues cited across the various studies we have conducted.

While organizations should continue to be disciplined in their approach to security and regulatory compliance, cloud providers now offer approaches with these requirements in mind. The reality in this case may be that cloud providers have more resources to devote to complying with various industry and governmental regulations than all but the largest organizations. Compliance and certifications have become competitive differentiators or, in some cases, a competitive necessity among cloud providers. Organizations can easily find providers with CCPA, FedRAMP, GDPR and HIPAA compliance, just to name a few. Listings of compliance programs for the major hyperscalers are available including, for example, Amazon Web Services (AWS), Google Cloud, and Microsoft Azure.

Platform certification is just the first step. Organizations also need to confirm that their software-as-a-service (SaaS) application vendors are providing the appropriate security and regulatory compliance. Vendors have made varying degrees of progress on their certifications, so it is important that organizations evaluate each vendor in light of their own requirements. However, if a SaaS vendor has achieved the certifications an organization requires, it can help justify movement to the cloud. It’s one less burden on an organization’s internal resources in much the same way using SaaS removes the burden of installing, configuring and maintaining servers.

Certifications of platforms and applications must be accompanied by good data governance as well. Regardless of whether an application is deployed in the cloud or on-premises, lax data governance policies can expose an organization to data breaches, fines and a damaged reputation. Our Data Governance Benchmark Research shows that organizations that have adequate governance technologies and use them frequently outperform those that do not.

However, organizations cannot abdicate security and governance entirely to the cloud platform and application providers. Organizations must use a variety of platforms and applications. They must monitor security and governance associated with these applications both to prevent and respond to attacks specific to their organization and to ensure the applications are performing adequately. A number of vendors provide security information and event management (SIEM) and observability to monitor both cloud and on-premises applications. We’ll address these vendors in a series of future perspectives.

As in the previous perspectives in this series, the point is not to discourage use of the cloud but to ensure organizations are aware of the realities of cloud computing. In many cases, security and governance concerns may be alleviated rather than exacerbated by cloud-based deployments. It is appropriate to go in with your eyes wide open, but it’s no longer appropriate to blanketly dismiss the cloud due to security and regulatory concerns.


David Menninger

Topics: Analytics, Business Intelligence, Cloud Computing, Data Governance, Digital Technology, AI & Machine Learning, Analytics & Data, Governance & Risk

Written by David Menninger

David is responsible for the overall research direction of data, information and analytics technologies at Ventana Research covering major areas including Analytics, Big Data, Business Intelligence and Information Management along with the additional specific research categories including Information Applications, IT Performance Management, Location Intelligence, Operational Intelligence and IoT, and Data Science. David is also responsible for examining the role of cloud computing, collaboration and mobile technologies as they affect these areas. David brings to Ventana Research over twenty-five years of experience, through which he has marketed and brought to market some of the leading-edge technologies for helping organizations analyze data to support a range of action-taking and decision-making processes. Prior to joining Ventana Research, David was the Head of Business Development & Strategy at Pivotal, a division of EMC, VP of Marketing and Product Management at Vertica Systems, VP of Marketing and Product Management at Oracle, Applix, InforSense and IRI Software. David earned his MS in Business from Bentley University and a BS in Economics from University of Pennsylvania.