For the most part, current IT investments have been ignored as part of the cloud security equation, amounting to years of wasted budget. This is especially true with policies and directories that pertain to keeping the data secure, with only the right people accessing it-"command and control" systems. So, how can organizations leverage existing "command and control" investments while taking advantage of the benefits of the cloud? But, even before that, how should an organization use the cloud in general?
A lot of investment in on-premises software already exists. If you've already made that investment-if you have an on-premises application running or if you have certain partnerships already in place-you have no reason to abandon that investment. However, a number of scenarios may prompt you to go to the cloud, whether you have an on-premises software investment or not.
Consider a request for proposal (RFP) response process where respondents can locate RFPs they can participate in, make bids and track the process in general. It's an application that lends itself to a community, but this community's only common characteristic is that its members can participate in bidding for the RFP. And while requesters want as many qualified businesses as possible to see the RFP and bid on it, they only want credible people to see it. In this scenario, you may choose to sign up for a cloud application that allows you to publish RFPs to credible candidates.
"Command and control" comes in here. You don't want just anybody to see an RFP because most people have no reason to even lay eyes on it. But you do want to expand the current system for distributing RFPs, for sending RFPs to people who know how to build what you want. You also want as many qualified bidders as possible, but without losing control over who can see which data. You would demand the same level of control that you would have if you installed it on-premises. You want to make sure that you can support directories, authentication and authorization, and you want one bigger partner to basically enable certain classes of organizations to see this RFP and bid on it.
This "limited-time" quality truly makes it a cloud concept. You put out the RFP. Qualified businesses respond to it and say, "Yeah, I know how to bid on this." They give you pricing and the cloud application guarantees that everyone follows the rules (for example, no one can see each other's bids but the one party that put out the RFP can see all the bids). And if implemented on a social network/Facebook-like infrastructure, everything's out in the open and there's no under-the-table discussions happening.