Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

The CFO and Cloud Adoption: 101

Home
Industry Insights
The CFO and Cloud Adoption: 101

Blog Article Published: 12/13/2021

Written by Jeffrey Westcott, CPA, Chief Financial Officer, CSA.


Introduction to the Cloud

I always find it interesting to ask people where their organization is at on their cloud journey. Everyone reading this post already has some cloud presence, but one question is where are you on this path to cloud adoption? The immediate follow-up to the first question is what is your plan or roadmap for cloud migration?

The costs of cloud adoption are increasingly compelling to substantiate this decision, as well as time efficiencies. What may take your organization weeks or months to implement can be established in minutes using outsourced cloud services. Furthermore, technology is moving ahead at such a rapid pace, and the cost of attracting and retaining qualified and competent talent in this ever-changing environment is an increasingly daunting challenge for any organization. An oft-quoted statistic is that there is currently a shortage of 3.5m cybersecurity professionals globally, and I would gamble that the other facets of information technology also experience these similar deficits, putting further demands on the existing talent pool, including increasing wages.

Being an officer of the Cloud Security Alliance, I will not offer an unbiased opinion of cloud adoption and its benefits: The CSA’s objectives include “defining and raising awareness of best practices to help ensure a secure cloud computing environment.” (The Cloud Security Alliance is a global not-for-profit that has produced over 350 vendor-neutral research white papers on secure cloud migration.)

“Secure” is the key word here. Migrating to the cloud can be seemingly seamless, but there are many components of cloud computing that should be considered during your cloud journey. There are risks and decisions that need to be addressed and the ultimate responsibility and impact this could have on your organization rests on the shoulders of C-level managers.

What is the Cloud?

My simple explanation of the cloud is that it’s basically someone else’s servers. Data once was stored locally on your company’s premises – whether desktop, local servers or other mainframes. Data is now stored in a similar fashion, although it is contracted out and stored offsite. These cloud storage providers include familiar names such as Apple, Google or Amazon (AWS).

The National Institute of Standards and Technology (NIST) defines the cloud as being composed of these five characteristics (and my notes):

  • On-Demand Self-Service – Unfettered access to each service provider
  • Broad Network Access – Can be accessed by standard mechanisms (e.g., phones and tablets)
  • Resource Pooling – As the name suggests, shared tenants, offering economies of scale
  • Rapid Elasticity – Scale quickly and on-demand; any quantity at any time
  • Measured Service – Usage con be monitored, controlled and reported

Furthermore, the cloud utilizes these four deployment models:

  • Private Cloud – Single organization, on- or off-premises
  • Community Cloud – Specific community of organizations with shared concerns; it may be privately owned or third-party, on- or off-prem
  • Public Cloud – Provisioned for open use by the general public; it exists on the premises of the cloud provider
  • Hybrid Cloud – Composed of a combination of the above-referenced cloud infrastructures, as the name implies

The Next Steps

We have only started down this path by defining the cloud and its fundamental characteristics.

The next step in the process requires planning. Similar to any project management, you need to ask the fundamental questions:

  • Who are the stakeholders?
  • Is there a strategic plan? What data and applications will be moved to the cloud?
  • What are the budget and cost estimates?
  • Do we have the resources/skills or do we need outsourced contractors?

Your objective is to securely and seamlessly transition applications and data currently on-premises to offsite Cloud Service Providers (CSPs). The questions above encompass the logic that needs to be addressed not only before migrating applications and data into the cloud, but upon the initial implementation, as well as the continued cloud journey. We will continue the dialogue in forthcoming articles, but this should provide a reasonable foundation and raise additional questions to be addressed in your cloud migration.

The journey can seem daunting, but asking rudimentary questions now can prevent headaches down the road. Stay tuned.

Jeffrey Westcott is the Chief Financial Officer of the Cloud Security Alliance and joined CSA in 2014. He can be reached at [email protected], or www.linkedin.com/in/jwestcott/.

C-LevelTransitioning to the cloud

Share this content on your favorite social network today!

Latest from CSA
AI Summit at RSAC 2024
The State of AI and Security Survey Report
Data Resiliency Survey 2024
Trending This Week
#1 What is the Cloud Controls Matrix (CCM)?
#2 Zero Trust and AI: Better Together
#3 Test Accounts: Another Compliance Risk
#4 AI Safety vs. AI Security: Navigating the Commonality and Differences
#5 Is PQC Broken Already? Implications of the Successful Break of a NIST Finalist
Enhance your cloud security skills with CSA's online training options.
Related Articles:
From Gatekeeper to Guardian: Why CISOs Must Embrace Their Inner Business Superhero

Published: 04/15/2024

Navigating Your Cloud Journey in 2024: Key Resources from the Cloud Security Alliance

Published: 04/05/2024

Runtime is the Way

Published: 04/04/2024

How We Can Help Corporate Boards with Cybersecurity

Published: 04/02/2024