I do agree that cloud computing is just another form of outsourcing--the same general rules apply to choosing a cloud computing provider as to choosing ANY outsourced service.
As to the notion that one data breach affects only one customer, that's not so in the information age. At the speed of light, the world can know about that breach--and the service provider risks losing any number of current and potential customers. John -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Wednesday, November 18, 2009 10:51 AM To: NT System Admin Issues Subject: Re: Cloud computing... your opinions On Wed, Nov 18, 2009 at 9:55 AM, John Hornbuckle <[email protected]> wrote: > There's no reason it has to be undefined and > unverifiable, though. A good cloud service provider > can provide this. They should be able to; they rarely do, IME. Most businesses have a general mentality of not exposing information about their own operations. Some of that is fear of making it easier for copy-cats; some of it is a desire to sweep dirt under the rug. At the same time, in order for an outside contractor[1] to be as defined and verifiable as doing it in-house, they have to be *completely* transparent. So there's an inherent conflict. [1] = In most use cases[2], "cloud computing" is just the latest euphemism for "outside contractor". We've also seen this called "SaaS", "ASP", "outsourcing", etc. [2] = There are exceptions. They are a small minority. > As someone else mentioned, reputable service providers > are just as concerned about the protection of their > customers' data as their customers are. I highly doubt this. For a contractor, a single-customer data breach means you loose a customer. For the business, that same data breach can mean anything up to going-out-of-business. Sure, the provider has a motivation to do well, but not the same motivation. It's like the joke about bacon and eggs. The chicken is not as invested as the pig. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
