> Indeed, for some businesses, especially small ones with no IT staff, or very
> limited IT staff, going with a public cloud might make sense.
> But if a business has good IT staff, I'd venture that migrating most or all
> of their infrastructure to a public cloud isn't their best bet.

I think this is a pretty simplistic view. There's a huge range of options outside simply "public cloud" (which I take to be IAAS, from the rest of your post).

> That's a pretty fair analogy - and both statements are true. On the other
> hand, banking is much better understood -
> experience with banking goes back hundreds of years, with concomitant
> expertise in many fields in dealing with the risks in banking.
> The experience around computing is much more shallow, and the risks are not
> as well known, nor has nearly as much thought and practice
> gone into mitigating them.

What do you do for your electricity supply? Surely that's pretty critical to the business... What about legal services? Do you maintain an entire in-house legal team? What about marketing? Banking and finance? You buy most of your software "off the shelf" don't you? There's another third party you're moving risk to.

Most businesses use lots of external parties for many critical services, and still manage to survive.

Even banking, which you state has been around for hundreds of years, relies on technology that's been around for mere decades, and every large bank has most of its base services (whether that be infrastructure or development - OTS or bespoke) outsourced to 3rd party.

FWIW, we spend something like $1bn/year on IT&T (according to our annual reports), and have >1000 in IT internally, even though we have substantial external partners providing services. You might think that doing things "in house" would be a better option for us, but then I think you don't understand the complexity involved in managing a sprawling business that this would then engender. It's pretty much the same with every other function outside banking - we don't do low level property management, marketing execution, legal, payroll, utility supply etc. etc.

Cheers
Ken

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
Sent: Monday, 23 December 2013 2:31 PM
To: [email protected]
Subject: Re: [NTSysADM] RE: 40 Million CC breach at Target....

On Sun, Dec 22, 2013 at 6:59 PM, Andrew S. Baker <[email protected]> wrote:
>>>Amazon's cloud is external to its customers - Amazon's staff,
> procedures and infrastructure are a risk to its customers.
>
> That's as illogical a statement as the following:
> XYZ Bank's technology infrastructure is external to its customers -
> XYZ Bank's staff, procedures and infrastructure are a risk to its customers...

That's a pretty fair analogy - and both statements are true. On the other hand, banking is much better understood - experience with banking goes back hundreds of years, with concomitant expertise in many fields in dealing with the risks in banking. The experience around computing is much more shallow, and the risks are not as well known, nor has nearly as much thought and practice gone into mitigating them.

>>>Except when suborned or perverted by money, patriotism or blackmail:
> http://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220
>
> And how does you maintaining your infrastructure on-premises, but
> having to rely on 3rd party telecommunications mitigate the above risk in any
> way?

It's not just that specific incident - that's but one example, and in this specific instance, there was no remedy - trusted parties were subverted, and the same can happen in other fields.

I'm not arguing for perfection here - just a recognition that complexity brings risk, and that keeping things simple and under more control is usually wise.

Indeed, for some businesses, especially small ones with no IT staff, or very limited IT staff, going with a public cloud might make sense.

But if a business has good IT staff, I'd venture that migrating most or all of their infrastructure to a public cloud isn't their best bet.

Kurt

