I agree, there are companies that will do the encryption etc etc, you still need to ascertain if that will meet the federal compliance standards I spoke off, and if there is a BAA ( business associate agreement) with the vendor, and the SLA ( Along with a security SLA) and the right to audit, etc etc. Never just take the SAS 70, or the new SSAE16 part 1-2 for face value.
Also you have to consider for multinational organizations, Safe Habor, and EU privacy concerns and a whole host of other fun and tricky regulations landmines that are out there. Even for some US companies they have mandates that there data in the cloud can't be hosted outside the USA, and there are similar concerns over the pond in the EU itself. Like I said, for the latest skinny on what is coming down the pipe on that from check out the Cloud Security Alliance, and the Jericho Forum, and CloudSecurity.org. HTH, Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 -----Original Message----- From: Kramer, Jack [mailto:[email protected]] Sent: Monday, November 22, 2010 8:41 AM To: NT System Admin Issues Subject: Re: anyone use acronis offsite cloud backup There are companies that guarantee data integrity and security - one I work with, i365, encrypts all data on the client side to guarantee that only you have access, for instance. ---- Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 On 11/22/10 7:48 AM, "Ziots, Edward" <[email protected]> wrote: >Devils Advocate: > >Question: Why would I put corporate data in someone else's datacenter ( >cloud) without a strong security SLA, the right to audit, and assurances >of the CIA ( confidentiality, Integrity, and Availability) of the data >to only my users. Plus if you are under compliance mandates ( PCI, >HIPAA, SOX) then the cloud in its current state isn't going to fly for >some of these regulations. ( But the Cloud Security Alliance and others >are working on this aspect at the current time) > >Just because it's a backup-recovery, it is your data and I am sure a lot >of it is private or company confidential, and if those backups aren't >encrypted ( Confidentiality) and there is no SLA or Security SLA, then >you might be SOL when you need those backups the most. > >Food for thought, > >Z > >Edward E. Ziots >CISSP, Network +, Security + >Network Engineer >Lifespan Organization >Email:[email protected] >Cell:401-639-3505 > >-----Original Message----- >From: justino garcia [mailto:[email protected]] >Sent: Sunday, November 21, 2010 5:03 PM >To: NT System Admin Issues >Subject: anyone use acronis offsite cloud backup > >500 usd a year per machine for one tb online storage >http://www.acronis.com/backup-recovery/online/ >Is it worth it, anyone done it yet? > >-- >Justin >IT-TECH > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >--- >To manage subscriptions click here: >http://lyris.sunbelt-software.com/read/my_forums/ >or send an email to [email protected] >with the body: unsubscribe ntsysadmin > >~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > >--- >To manage subscriptions click here: >http://lyris.sunbelt-software.com/read/my_forums/ >or send an email to [email protected] >with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
