I would say that some people have "blind-trust" in the cloud, and those are the same people that get the "rude-awakening" when they find out that what they signed up for isn't what they are truly getting.
A lot of the discussion centers on security, risk, compliance, regulations, control and that is just on the customers side, what about background checks, and vetting of the staff that is going to work on your systems. I find that there is much greater chance for collusion and IP theft when a certain number of sys admins/DBA's don't have access to one businesses systems but maybe 100's if not thousands of systems. ( Let you imagination run wild) Also what about hacker groups, and other malicious actors taking up residence in the same cloud you are in and monitoring communications, or attacking systems within the cloud, or better yet, lets just hi-jack the portal where you go through to access and admin your systems, and we get all the credentials, and have a field day. Again so many possibilities when you move systems into the cloud because your surface to attack includes the entire internet now ( Are they maintaining a firewall for you? What about IPS/IDS ( wait that wasn't in the contract, oops, you get the idea) Most cloud vendors are going to tack on services to cover these issues, if at all, availability ( we have already seen multiple availability issues at multiple cloud vendors this year" ( Amazon and M$ to name two). All I can say is in every "cloud" some rain will fall, unfortunately when its falling on your head it isn't so funny. Most times, businesses are moving to the cloud for the financial aspects and totally ignoring, or blissfully ignorant of the data protection, security issues that are apparent in the cloud, all to save money on the bottom line. These are the same people that haven't been made aware of the risks, or just ignore them and accept that they might be hacked, or there system that have their data and services become unavailable for days on end and might be fine with that, or maybe now. All I can truly say when entering the cloud, "tread lightly" and put your least sensitive systems and data first and see how things go ( Non-confidental/public) And make sure if you are going to the cloud you have Security SLA's with the cloud vendor with teeth and repercussions if they don't uphold their end of the bargin. I would highly recommend you visit the Cloud Security Alliances website for more information about this and make an informed decision that will benefit your business/organization, before deciding whether you are going to play in the clouds or not. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Mathew Shember [mailto:[email protected]] Sent: Monday, June 27, 2011 3:08 PM To: NT System Admin Issues Subject: RE: Be Very Wary of "The Cloud"... Financial institutions are heavily regulated and can't treat security measures as an expense. I heard one Cloud person talking about who we don't need data centers, you can put your source code on the cloud. Are people willing to trust the cloud with that? Thanks, Mathew From: Andrew S. Baker [mailto:[email protected]] Sent: Monday, June 27, 2011 11:57 AM To: NT System Admin Issues Subject: Re: Be Very Wary of "The Cloud"... >>I want to have total control over my programs and data and I won't in the Cloud! All my backups are done locally on hardware and by personnel located in MY location! In many cases, this is a good business decision. In some cases, however, doing so adds cost that is not commensurate with the value provided. Knowing when this is true, is smart business. This is why every organization does not process its own credit cards, or manage its own ecommerce, or attempt to staff its own local data centers 24x7... ASB (Professional Bio <http://about.me/Andrew.S.Baker/bio> ) Harnessing the Advantages of Technology for the SMB market... On Mon, Jun 27, 2011 at 1:42 PM, MMF <[email protected]> wrote: The Cloud will cause the loss of both onsite jobs and hardware. That's not what concerns me. It's the loss of control and security that concerns me. I want to have total control over my programs and data and I won't in the Cloud! All my backups are done locally on hardware and by personnel located in MY location! M. Free <The Cloud is just another name for outsoucing. <If the cloud takes hold, datacenters will quick enough move to China/India and the IT profession in the US will be dead. <A few cisco guys will be left over to keep the internet up, and that's about it. <Fight the cloud! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<image001.jpg>>
