Location : Cleveland, OH
The cloud versus on-premises versus hybrid seems to now be changing some views and conversations. Oh, there will be those that swear by outsourcing a company's network and storage, in the name of "reduced costs." However, it seems that if you listen carefully, the conversation is changing slightly. You have to be willing to hear those other voices.
You decided to move your data to the cloud, hoping for some sort of competitive advantage, some sort of "flexibility," only to discover that the security of your data isn't as easy to manage as you thought.
But wait, there's more.
The conclusion of the article is a good one, only if you are honest with yourself, with your data.
Link: HP Input Output: Your Cloud Won't Secure Itself
“The cloud is really outsourcing,” says Chet Wisniewski, security analyst for Sophos, which was one of the security companies that drew that connection. “Having somebody else take some burden of infrastructure, services that you could provide in-house and instead choosing to have someone else do it. Yes, you could call the lunch I had at the hotel ‘cloud catering,’ because a company that wasn’t owned by the hotel came in and prepared the food. But if I was poisoned by that food, I’d still hold the hotel liable.”The indeterminacy around who’s responsible for cloud security breaches could, in itself, be considered a security vulnerability.
You decided to move your data to the cloud, hoping for some sort of competitive advantage, some sort of "flexibility," only to discover that the security of your data isn't as easy to manage as you thought.
“If you have sensitive customer information and you put it out in the cloud,” Sophos’ Wisniewski points out, “the only person who has legal responsibility for that data is you. So if your cloud provider screws up and that data is released, you’re on the hook. You’re responsible for protecting your customer information, and doing due diligence to ensure it’s protected.”
Doesn’t that make it not only more important, but more difficult, for cloud customers to take charge of their own deployments? “Absolutely,” responds Wisniewski. “And the problem is that it’s damn near impossible to do. It gets really sticky when you start looking at regulatory situations. If I outsource something to Rackspace’s cloud service, for example, it could be running for one minute on a server in China, the next minute in Russia, and the next minute in London — or all at the same time if I’m representing three different customers. If they access their servers from one region, they may each be located in another region.”
But wait, there's more.
As if the rubble weren’t fine-grained enough, there’s yet one more layer of diffusion, which Webroot’s Ian Moyse perceives as being generated by the cloud market. Customers are being misinformed by various competitors, he says, using language that’s cloudier than their own services. As a result, it becomes impossible for customers to determine legally who’s responsible for technology they don’t understand practically.
The conclusion of the article is a good one, only if you are honest with yourself, with your data.
The problem, simply put, is fear. It’s where this whole exercise begins; it’s what brought us to this point. There’s a fear of not knowing what’s going on inside your systems. It’s the same fear if you’re 14 or you’re 41, if it’s your PC or your data center. But beneath that, there’s a deeper fear of finding out. Because then comes the real test of whether you’re responsible for the consequences. Do you know what you are meaning?
Link: HP Input Output: Your Cloud Won't Secure Itself
Powered By : Domino
BlogSphere V1.3.1
Join The WebLog Revolution at BlogSphere.net