CFOs need to understand more than the costs and financial benefits to adopting cloud and consumer technologies. They’re also on the hook to protect against risk.

Conversations with the CFO about cloud and consumer technologies go beyond the IT budget. CIOs need to apprise CFOs of any compliance and corporate governance implications that arise from new approaches to provisioning IT. (For more about how to talk to CFOs, see “What CFOs Need to Hear about Cloud Computing and Consumer IT.”)

At most companies, CFOs have direct responsibility for complying with regulations that cover data privacy, maintenance of financial records, and security of financial reporting systems. Under the 2002 Sarbanes-Oxley Act, a CFO convicted of signing off on misleading or inaccurate financial statements could go to jail for 20 years. Companies that carelessly allow employee health records to be lost or stolen face large fines and public humiliation because they are required to notify major media outlets of any breach.

Other countries may have data privacy regulations that further complicate moves to the cloud. Vendors say that Germany’s laws mandate that individuals’ records can’t be physically kept outside of Germany. Other countries’ laws require that personal data be protected from access by unauthorized people. (Read more about privacy in “Why CIOs Should Care About Privacy.”)

Many CIOs have nevertheless moved into the cloud despite compliance concerns. Software security vendor Courion surveyed 384 large users and found that 48 percent of respondents weren’t confident that a compliance audit of their cloud applications “would show that all user access is appropriate.”

At the very least, CIOs should be able to outline the risks of cloud and consumerization and explain the steps IT is taking to make sure the company’s data management is as secure as ever.
When you’re no longer locking everything down in an on-site data center, for instance, you need to negotiate terms of service covering access to data and create ways to audit cloud and software-as-a-service providers. Robert Petrie, vice president of IT with Pharmaceutical Product Development, which manages the data-intensive chore of running clinical trials for pharmaceutical companies, says, “People are very sensitive about their data. If we are using multi-tenant, hosted applications, our clients audit us and make sure we have the appropriate [security].” He adds: “This isn’t a reason that you can’t move to the cloud, but you have to perform due diligence and do security assessments.”