Top CIOs Optimistic About the Future of Cloud Computing
How often do you get to sit down and hear what's on the Chief Information Officer’s mind? At Coupa Inspire, we got to sit down with top CIOs to do a reality check on what they think about the future of Cloud computing.
Ravi Thakur, Coupa’s VP Customer Success and Service Delivery interviewed Beth Devin, CIO of Silicon Valley Bank; Ross Meyercord, CIO of Salesforce.com, Curtis Miller, CIO of Amerinet and Dan Rosenbaum, the Director of Technology at Land O' Lakes, to get their thoughts on the future of the cloud and what they look for in a cloud solution.
Ravi: In one word, can each of you describe your company's attitude towards the Cloud?
Ross: All in.
Ravi: That's great, I especially liked "all in." I love that one! Panelists, let's give our audience some insight into the mind of a CIO and what you look for in Cloud solutions.
Dan: Land O' Lakes is asking ourselves, "Why should we not be moving more and more things to the Cloud?” It's a great opportunity, it's a great enabler.
Beth: From a financial services perspective, we want to get to that place where we say, "Why not Cloud?" But I think one of the things we're always looking for is making sure that we're going to be able to meet our regulatory requirements. We've seen in the last couple of years that Federal requirements of how we manage our third-party relationships actually are rising. It may be because Cloud is driving that.
So really the due diligence that we need to do around security and risk management, it starts right at the procurement process, all the way through the contract, the security assessment, the oversight that we bring to bear on an ongoing basis. It requires a really close partnership with the providers that we select and they need to have been thinking about being enterprise-ready right from the get go.
Ravi: I like that, enterprise ready. Ross, since Salesforce is one of those enterprise-ready solutions, can you add some color here in terms of how you look at Cloud within the largest Cloud company in the world?
Ross: From what I've seen, both at Salesforce and before that in my consulting days, a common first step is to look for one-off point solutions to put on the Cloud. There's a nice ROI for that. I think as you begin to evolve and you get comfortable, what I've seen at Salesforce over the last several years is that we've really focused on end-to-end processes, and keeping that process consistent through a cloud environment. When you can do that I think is when you really get that speed.
In a number of areas where we had Provider A on an on-premise system out to Cloud Provider B, the inefficiency of building those integrations was slowing us down, so what we're really focusing now is that end to end process, and where we can to put that all on one Cloud provider, we find that is where we get the big benefit.
Ravi: Great. Why don't we dive a little bit more into what’s needed in the regulated environment at a big bank, like SVB.
Beth: I think it's not that different than how you would dot the I's and cross the T's on all the decisions that you make with partners that you work with, or even how you manage your own shop in-house. It's really making sure that you have the documentation trail and you've done the due diligence. It may feel to a Cloud provider, "Boy, you move slow." But I think it's so important that you go through that review and due diligence.
For example, at the last company I worked at, any time a large enterprise company wanted to do business with us they would have, sometimes, a 200-question list:--"Do you have list security policy? Do you do this kind of access control? Do you have this kind of physical security? How do you do your disaster recovery?"--before they'd ever want to do business with us. That's not dissimilar to how we're having to look at it as we potentially engage with a Cloud partner.
We have found that the different companies that we're either talking with or we have implemented are aware of this. They gone through and done the due diligence to make sure that they have the right certifications, they do the right penetration testing, they make sure that they've done background checks on the people that have access to their datacenter, and there are proof points around the SLAs that they're able to deliver against.
So it's really it's nothing different. It’s just that you need to understand how many eyes are looking at it, and that we actually have to demonstrate and bring forth the documentation, and the policies, and the controls that show that we are actually managing those relationships in that way.