Five key elements in a GRC cloud program


We've suggested before that it's quite possible for new technologies to roll out ahead of the security practices necessary to support them.

We're seeing this in several areas. Social media and new-era handheld devices are two great examples. If your top executives are enamored with newfangled technologies, you really don't have much choice but to roll them out and come up with some security policies on the fly.

Are we seeing a similar dynamic play out with cloud computing? It sure seems like it. The last thing you want, as you embrace more cloud initiatives, is for security and GRC to be an afterthought. Deep down, many IT executives have some doubts about cloud security at their companies.

A recent survey by the Ponemon Institute found that fewer than half of enterprises believe their organizations have adequate technologies to secure their cloud infrastructures. Only one-third of IT security practitioners believe cloud infrastructure environments are as secure as their on-premises datacenters. There's no time like the present to start systematizing cloud security efforts. A good way to start would be to check out the guidance offered by NIST and the Cloud Security Alliance, notes a LockPath consultant, who argues that a cloud program will leverage five key areas:

  • Survivability Strategy & Legal Defensibility
  • Formalized Methods
  • Policies 2.0
  • Enhanced Training & Awareness
  • Audit & Quality, Beyond Checkboxes
     
