The key is to prevent groups within the enterprise from "going rogue" and signing up for computing services without considering the security implications of these arrangements. "You want to have security policies that take control...defining what the cloud is as the company sees it, and what the security guidelines around it are," he says -- without making the policies so stringent and overbearing that they'll be tempted to work around the security group.
Forrester's Wang says it's common for IT not to know about cloud services being used within the company. "Jump in as early as you can -- be an early participant," Wang says. "If the security team gets involved earlier in the evaluation and assessment process and is able to identify the right [service] for cloud computing needs, you've got a secure way to use or deliver functionality in the cloud and enjoy the benefits."
That, of course, requires understanding the business side of the equation, not just the technology side.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.