It may not be the state of play right now, but I suspect that in the not too distant future, it will be *compulsory* to store data in Azure, AWS or their like, because of the reasons that Greg L mentions above. They'll simply be able to do a better job at securing the data than overworked in-house IT departments that are expected to deliver the world with a budget that wouldn't buy an atlas.
I have several clients whose data involves healthcare information for clients. It is all stored on the Amazon cloud and the client has had no issues with this whatsoever (in one case, we are expanding their cloud infrastructure). If the government wants to look at your data, there's nothing much you can do to stop them irrespective of where it's hosted. They'll either come in through the front door (via something like a court order), or the back door (using a guy wearing a dark coloured hat), but they'll get at it one way or another. On 25 February 2015 at 13:28, Greg Keogh <g...@mira.net> wrote: > Folks, I have a demo SQL database in Azure and it's working nicely, but > now we have to consider how to get it into production use. My demo DB > doesn't contain any real names and addresses, but the live DB will have > information about hospital patients, and you can imagine how confidential > that is! I'm told they will demand the DB be stored on hospital managed > servers, which is a damn nuisance in reality as I'm sure many of you know > how tedious it can be trying to break through walls of bureaucracy around > IT departments in places like hospitals and the government. > > This opens up the whole issues of "trust and the cloud". Since the Snowden > revelations, I don't know how anyone with confidential data can trust cloud > storage. Even I don't trust it and all of my backups in Rackspace and Azure > blobs are pkzipc AES encrypted. So how on earth could a hospital be > convinced that cloud store is an attractive option? > > I just remembered that Amazon has a special area that is certified secure > so they can get government contracts. I haven't seen anything like that in > Azure. Despite that, it doesn't make me feel much better, as we now know > the NSA was intercepting hardware and bugging it, and coercing huge telcos > to put splitters in the backbones, and using secret FISA orders to threaten > other even huger companies to secretly hand over their records. So who the > hell can trust anyone in the cloud?! > > Is anyone dealing in this sort of cloud/trust business at the moment? > What's the state of play? is there any hope? Am I just paranoid? (who's > monitoring this email?) > > *Greg K* >
