“Cloud computing is happening in a big way,” confirms Michael Hugos, author of “Business in the Cloud: What Every Business Needs to Know about Cloud Computing” (Wiley, 2010). The widespread adoption of cloud solutions follows four years of increasingly intense tire-kicking by organizations, many of which still harbor concerns about data security.

These concerns are legitimate, and should be addressed in governance, risk management and compliance (GRC) programs, notes Ben Tomhave, principal consultant of LockPath, a software and services firm. Tomhave chatted about the growing need for companies to unite their GRC and cloud capabilities.

Eric Krell: Why is GRC a crucial component of a company’s cloud security strategy?

Ben Tomhave: Moving data and applications to the cloud means losing direct control over those resources. No longer can you call IT and demand that better security practices be adopted. Instead, better security practices must be planned for in advance and then incorporated into contracts and service-level agreements. It’s essential that your GRC program be mature enough to assess these agreements and situations, properly setting the bar for risk tolerance and risk capacity, and then ensuring through continuous monitoring and compliance practices that these benchmarks are being met. more

Although it hasn’t received the fanfare that Herman Cain’s 999 plan has, a group called RATE – the name stems from the acronym, Reducing America’s Taxes Equitably – launched in September. Its members are companies and trade organizations advocating “sound and equitable reforms to the U.S. corporate tax code,” and hoping “to restore America’s competitiveness so the U.S. once again becomes a destination for investment, job creation and strong economic growth.”

Over the last month, the number of members in the group has risen from 13 to 16. Among them are a number of corporate heavy hitters, including AT&T, Boeing, and Verizon. Trade organizations belonging include the Association of American Railroads and the National Retail Federation. Co-chairs are Dr. Elaine Kamarck, former advisor to President Clinton and Vice President Gore, and James P. Pinkerton, former advisor to Presidents Reagan and George H.W. Bush. more

I hadn’t thought about the exact definition of “driver-based planning” until the question came up in the context of our planning benchmark research showing that only 6 percent of companies with more than 100 employees do driver-based planning. Broadly defined, the term could be applied to the use of any spreadsheet-planning model because these almost always have built-in volume-times-price formulas, which are components of driver-based plans. However, this is not what most people have in mind when they talk about driver-based planning, and that’s reflected in the low percentage of those employing the technique.

As I use the term, there are two conditions that must be met for driver-based planning. The first is that the volume-times-price amounts used in defining activities and their financial consequences remain discrete and discoverable by participants throughout the planning, analysis and review processes. The second is that there are persistent volume and price connections between plans of the various groups within a company. Typically, activities that take place in one part of an organization drive actions in another. For example, the sale of a product or service drives fulfillment activities that can be direct (shipping inventory or providing consulting hours) or indirect (administrative tasks such as scheduling or order processing). more

Monday afternoon around 4 p.m. EDT marked one of those rare times in the past several months when it was a pleasure to troll the late-afternoon online business stories.

Two U.S. economists won the Nobel Prize in economic science. Hedge funds suffered their worst quarter in a long time (sorry, it’s the Occupy Wall Street-er in me). And the Dow notched its largest daily gain in a month or so (sorry again: if I could magically de-link the market’s performance from happiness and daily decision-making – an illogical correlation that causes far too much unhappiness and stifles healthy risk-taking – I would do so in a New York minute). more

IBM introduced a new entry-level mainframe computer in July with a price of $75,000. That was 25% below the entry-level price of the previous comparable model. The new machine will deliver more capabilities, higher performance, and use less energy than its predecessor.

So, as CFO, is this a good deal?

“When I suggested a mainframe everyone started laughing,” recalled Danny Gurizzan, executive vice president at Payment Solution Providers (PSP), Toronto, which provides electronic switching software to banks. PSP had a well-established PC-based IT operation. They always assumed a mainframe would cost too much and had never heard of a $75,000 mainframe. more