With the transition of data from the datacenter to the cloud – or perhaps more lyrically, from the core to the edge – we’re going to see a lot of changes in how businesses protect that data, analyze it, and access it. It’s a good idea for IT leaders to contemplate what those changes mean, and to prepare to respond to them.

Any IT leader who wants to develop a long-term business strategy – or at least one that doesn’t become laughably stale – has to consider the impact of corporate decisions on the way the company does business. It’s no secret that enterprise computing is moving more to the cloud, nor that I think it’s the right direction. If cloud computing is going to have a bigger impact than BYOD – and I believe it will – it behooves all of us to try to map out its effects.

In the “old days” – perhaps as long as a decade ago – data typically was stored in the company’s own datacenter, centralized in a handful of corporate-approved applications (such as Microsoft Office, SharePoint, or Oracle), and tracked by a vigilant IT department. An even-smaller set of mobile devices was supported, often Blackberrys doled out and managed by IT, with stern warnings to keep personal information off the company-provided phone. And, no matter where information was stored, users would log on from only a few locations (few of them in coffee shops). One way or another, data was locked down.

It all seems so quaint now, doesn’t it?

Today, data is moving from the core datacenter to the edge. There is an undeniable trend of data and the business applications going to endpoints (mobile devices, including laptops, tablets, and smartphones) and to the cloud. By 2018, more than 60% of enterprises will have at least half of their infrastructure on cloud-based platforms. And, according to a Computerworld survey, in 2015 cloud computing initiatives are at the top of the list for “most important initiatives.”

The changes brought to us by cloud and mobility are more than an issue of storage locality. Data is dispersed and diverse; the average user now has installed about 80 apps on his phone, each of which may store its data in a unique format. That makes it harder to get to the data, because it’s no longer stored in one well-supported application (with plenty of log files, useful for data mining) in one or two physical locations.

Plus, if each application’s file formats are unique (or at least unpredictable), IT has a harder time of reading the information, much less integrating it in larger systems. Case in point: What happens if the lawyers say, “We need every bit of data created by this employee, who’s been accused of inappropriate behavior”?

With this change in data availability, form factors, and apps storing information in different formats, IT leaders (and the tech personnel who deploy on their strategies) have to think differently about the nature of what we all are doing. It’s beyond technology; this affects business processes around the way we protect the data, govern it, back it up, and control access to it.

What has to change?

I recommend any CIO or IT manager consider how data moving to the cloud affects the company’s policies regarding:

Backup, recovery and data retention

Access control

Compliance, IT governance, and forensics

Information gathering and business intelligence

The challenge with dispersed data is that it becomes much more complicated to handle. By now, Druva has gotten a grip on the issues in backing up and recovering data at the edge – it’s our bread and butter – but we see a lot more downstream effects beyond basic data loss. For example, legal demands such as e-Discovery may require different workflows. In a legal matter you have to demonstrate that information stored on a business device or site remains admissible in court, and IT has to give the lawyers visibility into what happened in data-related investigations.

It isn’t just legal matters that change as data moves outside the datacenter. IT is still responsible for collecting that data, preserving it for recovery, staying compliant with outside agency requirements, and ensuring its security. For example, to run security checks on corporate e-mail, IT once could rely on a network firewall or virtual private network (VPN) on the local e-mail servers… how do you do that in the cloud? Your compliance and security has to be thought through, all over again.

How can CISOs adjust?

The first step, of course, is to recognize and accept the change. Understand that data moving from the core to the edge will have a broad impact, and contemplate how that will affect your own business.

Ultimately, this requires good change management skills. Look for data governance solutions, and document the changes you make.

This is an exciting time. The cloud gives all of us a lot of new opportunities. Let’s make sure we deal with the changes in a sensible manner, so that we can focus on embracing innovation and not on trying to keep the old ways of doing things in place.

See also: