Cloud transition is about how to gracefully lose control over computing assets.
This is a good article. It traces the history of security from the military-minded security pros of yesterday, to the risk management security pros of today, to the great unknown of tomorrow. Given information security is about guarding information assets, InfoSec may shift toward vendor management and away from technological prowess. “For example, even in the case of stuff covered by compliance (you know, that critical Confidentiality stuff we’d never move to the Cloud), vendors will be quick to sell certified solutions (we’re already seeing this, actually).”
“Now in addition to worrying about measuring things like control effectiveness, A/V coverage, and risk, we’re going to have to understand things like: what level of Governance information are we going to require from which vendors? Once we have that Governance information, what are we going to actually do with it in order to make decisions?”
Referencing a post from https://securityblog.verizonenterprise.com/Posted by