For the CIO, these approaches add vendor complexity, requiring management across different SLAs and support processes. FinOps, which blends financial and cloud operations, will have to be implemented to manage the costs across the various cloud providers in your multi-cloud environment, as well as the contracts. Internally, the CIO must manage their security policies across these cloud vendors, as well as any third partiesthe cloud providers themselves use.
What is your concentration risk tolerance?
Moving forward, understanding your organization’s exact acceptable level of concentration risk will be a key concern. Boards will be wanting management teams to measure this risk so they can define what their tolerances should be.
The Cloud Security Alliance has some good thinking on this topic. It recommends ways to develop processes for transforming risk tolerance assessments, data/asset classifications, and business requirements into company policies, control objectives, and technical controls.