ThinkstockWhether clouds above your head ruin your day with a storm or offer you respite from a hot sun is often a matter of perspective. As organizations consider the role cloud plays in their solutions, whether this is a burden or opportunity is a matter of perspective.I recently asked, \u201cDo executives think you are relevant to cloud security decisions?\u201d (link) as a response to the finding that 61% of companies see moving to the cloud as an executive and board-level strategic move.With that much focus, it\u2019s natural to assess if we\u2019re part of the process. In many cases, the answer is no: 34% of organizations focused on moving to the cloud cite IT (including security) as the chief cause for the delay.As a security leader, you have three basic choices:Lead the effort to a more secure cloudReact to the decisions of others, likely with choices you wish were differentGet left behind entirelyThis series is called \u201cLeading Security Change\u201d for a reason: to share the mindset and actions necessary to exhibit leadership through change. To help, a panel of three security leaders with experience successfully navigating to the cloud with increase security shares their experience in writing (links here) and in a virtual panel discussion (July 21, 2pm Eastern -- register here).Here are some considerations to frame this series and your own journey.\u00a0Cloud? What do you mean when you say \u201ccloud?\u201dA recent picture making the rounds on the Internet points out that \u201ccloud\u201d is just a fancy term for someone else\u2019s computer. Good for a laugh, it also sets the stage for a productive conversation about the opportunity at hand.There is a time and place to explore the nuances and details of the various cloud-based offerings and solutions. For this program, the concept of cloud is simply the opportunity to offload processing, storage, and the like to \u201csomeone else\u2019s computer.\u201dThe key is to guide the process in a way that protects information while increasing value.What problem are we trying to solve?We\u2019re fed a steady mental diet of bad news (link). A constant focus on lapses of security, lack of control, and the prospect of shifting more and more to the cloud is a recipe for disaster, right?Not exactly.With a mind fueled by negativity and a necessary focus on exploring the downside of risk, it\u2019s easy to consider anything cloud another threat. In that vein, the cloud is the problem. It becomes another on a seemingly endless list of risks we have to address.It turns out the cloud may actually be our opportunity to address the real problem: how we protect the information our organizations depend on.Leading your organization to a secure cloud solution is a potential to enhance security. You might actually be able to get the controls you\u2019ve longed for. Better, someone else takes over the basic responsibility that affords you the time and energy focus on higher level and more valuable tasks.The three key aspects to considerThat means leading the effort to include cloud (however you choose to define it) in your strategy has at least three key areas to consider:Selecting: informing and defining criteria to guide the business to solutions that benefit them while protecting informationProtecting: once the decision for a specific solution is made, the process of understanding the environment and architecting the best way to keep information safeOperating: the process of measuring, evaluating, and adapting the controls, approach, or solution based on changing needs and available optionsSelectingThis is the opportunity for security to get involved early enough in the process that key considerations are included. The leadership opportunity is to incorporate security as a benefit to the business, and not an obstacle.Guide the organization through a process that identifies and captures a way to consistently address each of the following:What problem are you trying to solve?How to scopeHow to assessProtectingIdeally, protecting the data in the cloud is related to the selection process. Regardless of how well matched and complete the selection, the process of protection is based on what you can actually do. It requires an investment of time and partnership with the provider to explore at least the following areas in order to develop an appropriate approach (matched to your risk):Who\u2019s doing what, and why?How is access controlled?How is the data protected?Start with some basic questions:What can you do?What do they do?What is for their protection?What is for your protection?What can they do, even if it costs extra?OperatingWhile selecting and protecting solutions is necessary, the bulk of our time is often spent on the consumption of the services. The leadership approach is to develop clear and documented processes to:Measure performance and risk (yes, performance)Evaluate the functioning of controls and protections, including when new options are availablePeriodically assess value and improve (the current solution as well as the entire selection and protection process)Join the conversation to advance your leadership opportunityAs a roadmap for your journey and for this series, look for the insights and experiences of the panelists next week. Comments are welcomed below, on twitter, over email, and during the live virtual panel discussion on Tuesday, July 21, at 2pm Eastern.Use this program to guide how you lead your organization and accelerate the change.