ITsecurity

Cloudy assumptions

Posted by on March 16, 2015.

The first surgeon wasn’t incompetent or careless.  In fact, when he ran into a problem, he took a lot of extra time to try and rectify the situation.

He did the surgery laparoscopically.  There are very good reasons for this.  Laparoscopic surgery creates smaller incisions, and so creates less damage to the body.  Unfortunately, in this case, it meant that he didn’t see all the problems.  He assumed that he had.

You know what they say about “assume.”  It makes an “ass” out of “u” and “me.”

These days, most people are assuming that the cloud is secure.  In fact, a lot of us know that “cloud” is actually an acronym.  It stands for “Could Lose Our Under-Drawers.”

In the first place, people using cloud services assume that people running the cloud services are doing all the security.  Users and customers assume that the cloud companies are ensuring that everything is being kept confidential.  Users and clients assume that everything is being kept available and backed up.

Is it?  Why should it be?  If you are running a company and not worrying about security, why should the people who are running the cloud company do anything about security?  Maybe they are protecting confidentiality, but how?  Have you even asked them?  Is your password all that is standing between a world of intruders and your whole company’s database?  (Is your password all that great?)  And is there any other way of accessing your data?

Is the cloud company backing up your data?  What have they done about their own business continuity?  Do they have other servers?  Does your data reside on more than one server?  Are the servers in different places?  (And does that put your data in another jurisdiction, and therefore possibly at some legal risk?)

How does the cloud company even know what is important to you?  How can they do risk analysis, when they don’t know that?

Our blindness, when it comes to the cloud, isn’t new.  Because the cloud isn’t new.  It’s part of what we used to call “distributed computing.”  Twenty years ago a group set forth the “fallacies of distributed computing,” and these eight points still make a valuable set of questions to ask about “the cloud.”



Submitted in: News_cloud, Rob Slade, Security, Uncategorized |