In my last post, I talked about one type of governance—the make-a-rule-and-enforce-it governance style, which applies to standardization, controls, compliance, and other areas that can be handled through general rules. For that type of governance, the digital world changes nothing aside from making it substantially more effective.
Governance must balance two objectives: it must control, and at the same time it must enable.
When I decided to move US Citizenship and Immigration Services (USCIS) into the cloud, I had a number of discussions with others in the federal IT community about cloud security. As the Authorizing Official—the person who had to sign off on the security of each system—for a component agency of the Department of Homeland Security, […]
It is no longer sufficient to leave security to a team of specialists who watch over the enterprise’s risk posture and control it through a set of constraining policies. It is not enough to guard the boundaries of the enterprise’s network with firewalls, or to simply implement sets of controls specified in a compliance framework. […]
“It takes 20 years to build a reputation and five minutes to ruin it.” — Warren Buffett
I’ve supported compliance and security requirements throughout my technology career. In some cases, these requirements were extremely burdensome — for example, when my team was preparing for a Department of Defense audit, which consumed more than 50% of our time for months […]
“We don’t do load balancers anymore, we just do load balancing.” -Bruce Kantor, Talen Energy
I don’t often get the opportunity to learn how the cloud is helping the energy industry rethink the way it delivers IT. There’s obviously a lot of great science behind power generation, but getting to hear about the technologies and […]