I heard of an instance recently where a bank inadvertently sent an email to a customer that contained sensitive info. The bank got a court injunction shutting down that users email account so they could purge the email.
An apples-and-mineral comparison to be sure, but that innocent end user was without his data for a few days thru no fault of his own, because the webmail provider felt compelled to comply. While Google probably has better redundancy, security and resiliency than you or I ever will, they may not have the same management policies. That could be a significant factor. -sc From: John Hornbuckle [mailto:[email protected]] Sent: Tuesday, November 17, 2009 11:33 AM To: NT System Admin Issues Subject: RE: Cloud computing... your opinions Statistically, do we have any reason to believe that cloud computing is less secure than internal hosting of data? Assuming one is dealing with a reputable service provider, are the odds really any greater of there being a security breach in the cloud versus an internal breach? For instance, we have some data hosted by Google. Now, I'm reasonably confident in our own internal security-but not so much so that I would presume it's more solid than Google's. John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us From: Ziots, Edward [mailto:[email protected]] Sent: Tuesday, November 17, 2009 11:16 AM To: NT System Admin Issues Subject: RE: Cloud computing... your opinions The security of the Cloud, is the real issue, can you really trust your data and applications being co-mingled with others data and applications, especially when you have to comply with PCI/HIPAA/GLBA/Sox and other regulations ( especially PCI which has some stringent controls and makes classifying data and there associated systems and the level of protect to data and system integrity quite hard to get around) There has been plenty of articles written about Cloud security, and its pitfalls, so again, to each there own, if they think cloud computing is a good thing for your business and you have the risk appetite for it, then by all means go for it. If you are bound by regulations aforementioned above, you better have a serious look at what the letter of the law says and what you need to comply by in regulations, and ensure that the data you are going to put in this cloud, complies to those regulations, no matter where in the cloud it is at, and no matter what other data it might or might not be co-mingled with. Personally, cloud computing in its present state is flawed, abeit if not seriously. Why would you let your data and applications outside your control? I love how industry comes up with these lovely buzzwords and ideas, and force feed it down executives throats till the point they think it's a great idea, and they try and sell us, the people that know the architecture of properly secured systems, and look at that, and equate it to using toilet paper to wrap your house in, in the middle of a tornado to ensure it won't get blown away. Again, not a risk I would take either, Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + [email protected] Phone:401-639-3505 NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
