Chief Information Security Officers and corporate risk officers need a break. These execs may have the hardest jobs in the organization and instead of being praised for their efforts to protect enterprise data and prevent breaches, they are often maligned as obstacles to progress and innovation. Even CIOs, whom many business users view as blockers to social media, cloud computing and other leading-edge technologies, sometimes do an end-run around CISOs and compliance folks in order to push projects forward more quickly.

Can a truce be reached? Several speakers at yesterday's Smart Enterprise Exchange meeting, agreed that security and the cloud can coexist, but partnerships have to be forged first. Here are some views and tips from our panelists, but we also want to know what you think about this topic. Add your comments and views to these:

• Arnold Felderbaum, Chief IT security and Compliance Officer at Reed Elsevor Tech Services, and adjunct professor at New York University's Polytech Institute, leads a committee looking at cloud models. "Cloud computing is not a tech challenge," he said, the challenges are more about compliance, risk, and the types of data that will flow through the cloud. "You need to bring together architects, back-office managers and IT to forge the road ahead."  Also, when a business person says 'I can escape privacy, compliance and legal issues,'  an attorney has to be available to respond.

• Michael Denning, General Manager, Security Customer Solutions Unit, CA Technologies: IT needs to change from the "Power of No, to the power of Know." CISOs don't want to bear all the burden, they need to become a partner, get smarter and turn risk management into knowing what’s going on and granting access." Bring business users into the process and incent them to use internal services.

• Timothy Chou, author and cloud evangelist suggests that the  tougher issue is how to foster innovation among business users without bogging them down in bureaucracy and restrictions like security and compliance. Best way? Create dedicated groups, away from the rest of the organization and "protect them until there’s some legs."

• Ajit N. Maira, Vice President, Strategy Cloud-Connected Enterprise Management Business Unit, CA Technologies: Business units are "taking initiative, not control, like it or not." The question now is, how can we describe cloud services so that IT and the CISO can have an intelligent discussions with the business? ...The CIO is  becoming a supply chain manager for business processes. In this model, systems architecture gets elevated for cloud services and CIOs need new skills for very carefully managing SLAs, security and vendors.

• Joseph A. Puglisi, V.P. and Chief Information Officer, EMCOR Group: Traditional security methods like firewalls, can’t stop breaches and won't stop business users from going around IT. Unless you create a good relationshp with the business, and find out what they think they can't get from you, problems will persist.
  

• Elizabeth Butwin Mann, Chief Information Security Officer at Mycroft, suggested that a Chief Services Officer position may be needed to provide cloud options to the organization. That person would be agile enough to make it as easy for users to get services "as using a credit card and Amazon, but can still partner up and exert some control within the confines of the business." Enterprises need to become an internal managed services provider (MSP), she said. To do this, they need to speak with business users about their needs but also state that security can’t be avoided. Open the dialogue and discuss options, she said.
  

• Tony Orlando, Senior VP and GM CA Technologies Eastern U.S.: "Change can be uncomfortable and shifting a paradigm creates fear." Moving services off-premise can eliminate people and jobs. At the same time, if you roll out slowly or wait for dollars, lines of business get  frustrated and go directly to the service provider bypassing IT. You  need to be aware of these dynamics."

Share your experiences. Also read more from the event here.