One of a CISO’s most difficult challenges is sorting the valuable wheat from the overhyped chaff, and then figuring out what it all means in terms of risk to the organization. There is no shortage of technology or threat trends, and CISOs need to determine which matter and how they impact security.

The rise of cloud computing is a legitimate transformation which is fundamentally changing core security practices. Far more than a mere outsourcing model, cloud computing alters the very fabric of our infrastructure, technology consumption, and delivery models. In the long term the cloud and mobile computing are likely to mark a larger shift than the Internet’s apperance.

This paper details the critical differences between cloud computing and traditional infrastructure for security professionals, and suggests where to focus security efforts. We show that the cloud doesn’t necessarily increase risks – it shifts them, providing new opportunities for substantial security improvement.

There are two versions. The Executive Summary is a two-page overview of the highlights, suitable for passing on to a time-crunched manager. The What CISOs Need to Know About Cloud Computing full report includes the executive summary (formatted differently), followed by the complete paper. We may be biased, but we hope that’s the one you read:

Special thanks to CloudPassage for licensing this content and making it possible for us to release it for free.