On Sun, Dec 22, 2013 at 6:59 PM, Andrew S. Baker <[email protected]> wrote: >>>Amazon's cloud is external to its customers - Amazon's staff, > procedures and infrastructure are a risk to its customers. > > That's as illogical a statement as the following: > XYZ Bank's technology infrastructure is external to its customers - XYZ > Bank's staff, procedures and infrastructure are a risk to its customers...
That's a pretty fair analogy - and both statements are true. On the other hand, banking is much better understood - experience with banking goes back hundreds of years, with concomitant expertise in many fields in dealing with the risks in banking. The experience around computing is much more shallow, and the risks are not as well known, nor has nearly as much thought and practice gone into mitigating them. >>>Except when suborned or perverted by money, patriotism or blackmail: > http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220 > > And how does you maintaining your infrastructure on-premises, but having to > rely on 3rd party telecommunications mitigate the above risk in any way? It's not just that specific incident - that's but one example, and in this specific instance, there was no remedy - trusted parties were subverted, and the same can happen in other fields. I'm not arguing for perfection here - just a recognition that complexity brings risk, and that keeping things simple and under more control is usually wise. Indeed, for some businesses, especially small ones with no IT staff, or very limited IT staff, going with a public cloud might make sense. But if a business has good IT staff, I'd venture that migrating most or all of their infrastructure to a public cloud isn't their best bet. Kurt
