In this article at Wired, they are talking about Gartner’s wrap up of last year – Gartner: 2012 Will Be the Year of Apocalyptic Reckoning for CIOs | Cloudline | Wired.com - frankly the article is a throw away and pandering to Gartner about something that they made up about CIOs so that they can sell a few more reports or expensive consulting engagements.
Bit this little bit leapt out at me:
Incidentally, one of the big benefits of the decentralization of IT within the enterprise is that it will at long last truly make security everyone’s responsibility. When the marketing department has a bigger IT budget than the IT department, it will be the case that the marketing department has that much more responsibility for enterprise security. It won’t necessarily be IT’s fault if marketing didn’t do due diligence on a cloud provider and ended up losing sensitive data to hackers, because IT wasn’t involved in that relationship.
Hysterically funny. By that logic I should put the marketing department into their own buildings and let them sort out their own physical security too – because “marketing department has that much more responsibility” they would get it right. In my experience, the marketing department is the most likely source of serious information security breaches either in terms of passing confidential information outside the company, or using insecure services, or just not able to work on a project in a logical and timely manner. Most marketing departments use computers with shared passwords because it’s “easier” etc and they have important ‘other stuff’ to do.
Putting marketing into their own building will mean less security not more because it suits them to have an easy life and not bother about complicated things. And, so as not to single out marketing people, this applies to any group of people who lack good professional working discipline such as management, advertising, sales, parts of accounting teams or building maintenance.
Hah, what bollocks. Cloud doesn’t mean more security, it means there is less security that needs more work to fix it than ever before.