On Mon, May 7, 2012 at 12:14 PM, Brian Mathis < [email protected]> wrote:
> Your data is the most important asset your company has, and it's > really disturbing to me that so many IT people are will to throw it up > into the cloud just for some marginal cost savings. > What is the security threat you are concerned about? If the OP is already hosting on Rackspace owned servers, in Rackspace (or someone else's) data centers, and using Rackspace's backup solution. Why not use Rackspace VMs or object storage? If Rackspace wanted to steal the data they could get it directly off the servers they manage, they wouldn't need to steal it from the backups. On the topic of general cloud security, I also ask, what is the threat you are concerned about? This goes back to the Dropbox vs. Google vs. host your own. Are you worried about the companies having a policy of stealing customer data? I'm not not, that would put them out of business. Are you worried about rogue employees of the host companies? If you want off-site, and can't own your own data centers around the world, there is always a threat of rogue employees at hosting companies, even if you own the servers. Also, rogue employees in your own company are just as big a threat. Are you worried about security flaws in the hosted solution? I'd be more worried about security flaws in my own solution. You are right that hardware is a minor cost compared to everything else (like salaries). But the management of that hardware is not a minor cost. If you are a small company you have a few choices for hosting. You can try to host everything yourself, in a building you own/lease, you can get some racks at a colo (owning the hardware), or you can use a hosting providers (dedicated hardware or "cloud"). Hosting in your own building is frankly silly. The cost of AC cooling and electricity alone is astronomical. Combined with other data center logistics like owning your own IPs so you can do BGP with multi-homed internet, and redundant power, it's pretty crazy for a small company. Hosting in a colo is reasonable, it eliminates the building infrastructure costs. But you still have things like network gear (router and switch) configuration, console servers or KVM, power distribution units, and the automation of that gear. Plus little things like DHCP. The cost of managing that can really add up, and you are still hosting with someone else. Or you can host with someone else. They take cooling, network, remote access, remote power control, and all you deal with is software that actually adds value to the business. It might even make your data more secure because you aren't wasting manpower on things like cooling, and you can instead deal with backups, security updates, and automation to recover quickly. Some companies and industries of data that's really worth stealing, stuff that affects national security or where billions of dollars are at stake. But for most companies, things like lists of customers or product inventories, no competitor will risk hacking infrastructure of a cloud provider to get that. There is a risk to the cloud, it adds another layer that can be exploited (like a security flaw in their API implementation), but really that's a small risk in the grand scheme of risks. -Anton
_______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
