Cloud computing challenges the CIO legally as well as technically!

Cloud computing is the availability of standard IT resources over the internet in a pay-per use model. Initially this is an attractive proposition. However there are many challenges which CIOs will face when running firm critical applications and data over the internet. The most successful CIOs have built an IT governance strategy to avoid the uncontrolled variety of technologies, meta data and business process evolution in their IT landscape. A good governance strategy ultimately makes the implementation of legal compliance requirements from Basel II or SOX much easier. Without searching first for critical data, an orderly approach is much simpler and the CIO won’t be the only one sleeping better.

So long as everything is in your own company or at local infrastructure, IT governance and compliance should be governed centrally from the CIO office. But what happens when a firm’s cloud computing is effectively deployed? This technology paradigm has its largest cost savings when applications and business processes have extremely high and uneven resource requirements. In most cases these are automatically firm critical applications and confidential data. The responsibility of a CIO then moves from pursuing operational excellence in the datacenter, to the greater responsibility of developing and managing intelligent sourcing concepts in the cloud and bringing its consequences under control. The large cloud computing vendors are nearly without exception international firms and a core basis for their cost-effective deployment lies in their global sourcing strategies. IT governance and legal compliance must also be developed to cloud governance and global provider governance.

[This entry is cross posted to Jonathan Penn's blog, Cyberia]

Expanding on the Google meme from Andy Jaquith's prior post...

Rather than discuss the extent of the cyber threat from China, or whether Google should effectively pull out of China by ending the censoring of search results (or why it was even in China to begin with), the most interesting and telling thing I'm seeing from all the discussion on this is the visibility of the defense contracting and intelligence consulting community, and how that visibility and even dominance is going without much comment by industry watchers and without much challenge by traditional security firms. Who is going to analyze and say with confidence whether the attack came from proxies or direct representatives of the Chinese state? It's the defense contractors. Like the July 4 attacks targeting the US and South Korea, the traditional defense contractors — Lockheed Martin, Northop Grumman (also targeted), and Raytheon, most notably) are the go-to authorities on this, while Symantec (which was also one of the targets in the multi-pronged attack), McAfee, and others are left merely to talk about how the attacks in and of themselves might fuel greater interest in their security technologies.

Service companies definitely understand business problems better than product companies. Case in point: I've been talking a lot lately to both kinds of companies about innovation. When you ask vendors the question, "How do you approach the innovation process?" service companies, on average, say something about business problems first. Product companies, on average, talk about technology.

By no small coincidence, many product companies are now trying to figure out the kind of solutions in which they might play a role. That question has two sides:

After an unintended hiatus, we're back! This week, Mike Marfise of Jive Software tells us how the tech industry's understanding of innovation has matured. Plus, a good example of how to use social media to share product details and plans with your customers. (c) 2010 Tom Grant.