On Sun, Jul 14, 2013 at 12:29 PM, Andrew S. Baker <[email protected]> wrote: >> This is why I am down on using the Cloud in it's current form and >> function. > > Your data is no safer on-premise because...
While I think you list valid concerns, I'd quibble with "no safer". I'd agree completely with "Your data is not guaranteed to be safer with on-premise". > -- No one encrypts 100% of the data leaving and entering their facilities > -- The telcos are also in that group of organizations you mentioned, and > they provide all inbound/outbound connectivity I think it's less about data in flight (although that counts too) than the fact that most data doesn't exist in just one organization. Your insurance company has your personnel records, your bank has your finances, your vendors have your specifications, etc. This is one thing that make the cloud providers such attractive targets to spies; you only need to tap a small number of entities to get a big payoff. I wonder what kind of technical framework exists in, say, Amazon's cloud systems, to automate the discovery process. Is there an FBI search portal? How powerful is the query syntax? Does it associate each search with a particular warrant? > -- The on-premise apps from the aforementioned vendors may have all sorts > of backdoors Another reason to have a strong internal firewall policy, and insist on apps that use open protocols and data formats, so you can examine what's being transferred. Unfortunately, very few so insist. (Full disclosure: Myself included.) -- Ben
