Cloud thoughts
The cloud means a number of different things to different people. For some it is the new frontier, the way forward. For others it is outsourcing by a different name, with even less control over what happens in the cloud. In true security fashion, and with one of my favourite answers: it depends. The reality, however, is that it is inevitable: in some aspects of your work you will come into contact with the cloud, or you will be asked to secure it.
So let's have a look at a few of the challenges in the cloud world, and if your weekend or Monday is as drab, wet and cold as mine, add your comments to the list. We'll try and keep it to pros and cons.
Pro Cloud:
- Free up resources from performing menial tasks
- Access to resources at a price you can afford
  - Offsite storage or backup facilities are often cheaper in the cloud than you can provide yourself, especially for smaller businesses.
  - Quality content filtering solutions
  - IDS/IPS services
  - etc.
- Fewer limitations
  - e.g. online backups: if you need more space, you purchase it and it is there
Con Cloud:
- You do not necessarily know where your data is
  - Many cloud providers have in their contracts that they can move your services about. So if it is important that your services are delivered locally, then some cloud providers may not be what you are after.
- How do you get your data back when the provider refuses access or goes bust?
  - Companies go bust. If your core data resides with that company, how do you get it back?
- Who has access to your information?
  - The cloud is a shared environment. There will always be at least two parties that have access to your information: you and the provider.
  - Attackers
  - Legal entities: depending on the jurisdiction you are in, different legal entities may have access to your data.
So that has us started. If sending through comments, please state clearly at the start whether your comment is Pro or Con.
Happy thinking
Mark H
Comments
1. There is -no- agreed upon security standard.
2. Cloud providers are -not- responsible. They say so.
3. Pay for that?
4. Even Dilbert and Scott Adams know:
- http://dilbert.com/strips/comic/2011-01-07/?Page=2
"... You say "Cloud Computing" to an executive and their eyes glaze and they sign whatever PO you put in front of them. They have no idea what it is, but they have been told that they want it."
PC.Tech
Jun 13th 2011
1 decade ago
The "cloud" is the 21st century version of "The emperor has no clothes."
JJ
Jun 13th 2011
1 decade ago
* you don't have to have floor space, cooling, electricity, or personnel for a big old SAN
CON -
* you are still responsible for securing your data only now they are on a foreign / hostile system and you have no control over how they are moved, shared, or stored
Jason
Jun 13th 2011
1 decade ago
1. I would identify what cloud services I would want to use. I would probably only stay at the data storage service only.
1. For the data storage part I would completely risk assess all of my data and then only put data I am comfortable with if anything happened, taking local copies periodically.
For instance, I wouldn't put anything on there that would breach legal responsibilities if it became lost, stolen or leaked.
I would also make sure the contract was pretty good to ensure a standard of service.
amilroy
Jun 13th 2011
1 decade ago
1) The cost of no security for your data could be astronomical in size. The legal implications (HIPAA, SOX, etc.) also play into security of the data.
2) Leaving the door open for everyone to look at the data just because it is "cheaper" up front is analogous to letting strangers wander through your house just because you're too cheap to provide a lock on a door.
3) How exactly CAN you control who puts what data where? i.e. you have an internal network for 'secure' data but some nitwit drops the latest batch of personnel files 'in the cloud'.
4) Once data is leaked to the cloud there is no absolute way to secure it again.
Eric
Jun 13th 2011
1 decade ago
If your internet connectivity is down, your access to the data/application/functionality is down (unless there is some offline capability built in). Some apps can tolerate this, but some cannot.
EVVJSK
Jun 13th 2011
1 decade ago
How do you do damage control if you don't even know this happens? Do you think you get a call every time someone has a problem or better yet do you think your cloud provider will tell you? No!!, and your customers just leave! Bad for business unless you have complete control, which you never can in the cloud.
How many times have you downloaded something from the net only to find it crawls, then you cancel the request and try again... and it works? Bet you are going to the cloud!
Cloud is cheap, but not a solution if you need something that is solid with full control. You still have to build your own upload network to make it work in any event.
Remember the days of peering arrangements? They still work but they cost more. Reason.. they are still better.. and you can see what is happening if you know how.
As the new cloud ages you will have more and more problems, not less. And no one will be accountable except you in your customer's eyes.
-Al
Al of Your Data Center
Jun 13th 2011
1 decade ago
Just one more way to load up nasty code to something, which now can be pushed globally in seconds!
Let's say aaa123.com is known to be viral. Do you know if SDFLDSLSFDLFLFSD.cloudhosting.com is?
Al of Your Data Center
Jun 13th 2011
1 decade ago
That's actually a very good point. I remember reading about people who had extremely slow iTunes downloads while others were fast. People that had switched to Google's DNS servers were very slow because the iTunes servers tried to be geographically aware as a way of balancing load but everyone using Google's DNS servers seemed to come from the same location.
JJ
Jun 13th 2011
1 decade ago
1) Know that your backup is on a physically different media than the original?
2) Test the integrity of the backup?
3) Perform a disaster recovery (e.g. to another cloud provider) ?
Jakob Staerk
Jun 13th 2011
1 decade ago