It’s interesting how many threads there are on the Internet which still debate the difference between these two words – “Responsible” and “Accountable”. Oddly enough, today I stumbled across two definitions, from seemingly respectable sources, that hold diametrically opposite views! To me, the answer is simple – you can delegate responsibility but accountability remains fixed.This is a key point in the extended enterprises in which we now function. Firms are now made up of a myriad of off-shored and outsourced services, running on systems that are similarly fragmented and distributed across vendors. This complex tangle of people and data represents a huge challenge to the CISO who remains accountable for the security, and often compliance, of his employer yet is no longer responsible for their provision.With a methodical & comprehensive process, and a surfeit of resource (please stop laughing at the back!), the CISO does however have the ability to follow the data trails and manage risk down in this regard. Unfortunately, with the advent of cloud, things are taking a turn for the worse. Cloud vendors are reluctant to be scrutinized and the security and compliance demands of the CISO can often go unanswered. If cloud really is to be a mainstay of computing in the future, something has to give – we need to find a balance where compliance and security assurance requirements are met without fatally undermining the cloud model. This is a key topic for 2012 and something we’ll be following with interest. As security professionals, we remain accountable for resolving these issues, no matter how much responsibility has been pushed to 3rd parties and cloud vendors. So, how do you minimize the workload involved in managing the 3rd parties who make up your extended enterprise, and how do you gain assurance around cloud vendors? Join us at our upcoming Security Forum, November 9-10 in Miami, where we will delve into these issues further. Andrew Rose is a Principal Analyst at Forrester Research, where he serves Security & Risk Professionals. Related content opinion Just Let Me Fling Birds At Pigs Already! Thoughts On The Snowden / Angry Birds Revelations By Tyler Shields By Forrester Research Jan 28, 2014 4 mins Mobile Security IT Leadership opinion LG Is Learning An Embarrassing Privacy Lesson In The Age Of The Customer By Rick Holland By Forrester Research Nov 22, 2013 3 mins IT Leadership opinion Rise Of The Second Mobile App War By Tyler Shields By Forrester Research Sep 04, 2013 3 mins Application Security opinion Point Solutions Must Die By Forrester Research Aug 19, 2013 4 mins Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe