For the vast majority of organisations, simply forbidding the use of public cloud resources and applications is a poor strategy. For one, it cuts the organisation off from the benefits of using those third-party providers. Secondly, that approach is unlikely to work as the unofficial use of personal mobile devices and free or inexpensive Web-based services of all sorts, tend to happen.
It is better to acknowledge that reality and make public cloud resources an explicit part of overall IT governance. An IT organisation might, for example, freely allow personal devices to access corporate email but put in place mechanisms such as tokens that add a layer of security to that access. Perhaps the most important process is to involve users in formulating the policies rather than creating an "IT vs. everyone else" dynamic.
Cloud computing isn't "risky" any more than IT overall is risky. Rather, like all IT activities, cloud computing projects should be undertaken in a way that both mitigate risks and considers those projects in the context of IT as a whole.
Damien Wong is general manger for ASEAN, Red Hat Asia Pacific.
Sign up for CIO Asia eNewsletters.