| By William McBorrough |
Article Rating: |
|
| May 10, 2012 03:30 PM EDT |
Reads: |
1,562 |
Most of the commentary written about companies moving to the Cloud focuses on the loss of control over company data as a consequence of giving up self-hosted infrastructure. There is usually an implication that this is bad. I believe that is not necessarily a given. How may stories do you read daily about data breaches unrelated to the cloud? It’s almost cliche now.
The critical question that must be asked is “Can cloud provider X protect your company’s data better than you can?”.
In many cases, the answer is yes. Basically [ in most cases] they do security better than you do. They can afford to hire more security staff and deploy a more robust security infrastructure. Their business depends on it. In a presentation I gave some time ago on cloud computing located here, I listed the following as additional reasons why:
- Security measures are cheaper when implemented on a large scale
- Better security provides competitive advantage to providers
- Increased standardization and industry collaboration
- Improved forensic capabilities and evidence gathering
- Improved resource scaling
Back of our aforementioned daily horror stories of data breaches. How many of those companies or organizations get closed down or do out of business due to their lax security practices? Not many. For cloud service providers, trust of their customers and potential customers is key to survival. Good security practices are not optional, they are a business imperative.
I’ve witness this first hand working for a financial industry application services provider. Long before “cloud” was a buzz word, there were Application Service Providers (ASPs) that basically performed Software as a Service ( SaaS). There was a strong culture of security at all levels of the company, from the board on down.
Giving up some control means trusting your provider. This also requires doing your due diligence in selecting the right provier and having a proper service level agreement in place that will allow you access to verify that they are indeed adequately protecting your data.
Related posts:
- Moving data storage to the cloud? What’s your business continuity plan? Many trumpet increased availability as a reason to move to...
- Cloud-based…hacking?? I assigned my class a research paper on the security...
- Cloud Computing = Loss of Confidentiality? Interesting excerpt from article in ITWorldCanada: “Adi Shamir, a computer...
William J McBorrough is a Security Expert with many years of success Managing, Designing, and Implementing medium and large enterprise Physical and Information Technology Security Solutions. His experience spans the spectrum from small e-commerce start-ups to multi-campus state and federal agencies to multi-state financial sector organizations. He is also on the faculty of various universities including University of Maryland University College, EC-Council University, George Mason University and Northern Virginia Community College where he conducts research and teach graduate and undergraduate courses relating to cybersecurity, cybercrime, cyberterrorism, and information security and assurance. He holds a Bachelors of Science in Computing Engineering with a concentration in digital networks and a Masters of Science in Information Security and Assurance. He is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk Information System Control (CRISC), and Certified Ethical Hacker (CEH).He is well versed in personnel, systems and network security risk management. His core competancies include Developing cost effective solutions to enable mission assurance in the following areas: Enterprise Risk Management, IT Governance, Security Organization Development, Information Security and Assurance
Subscribe to Virtualization Journal Email News Alerts
Subscribe via RSS
