The End User’s Challenge: Transparency
In my opinion, the cloud is a really good, compelling idea. It can reduce the cost of IT dramatically. Given that cloud computing is available, the idea of building new data centres these days seems like a last-century way of doing things.
On the other hand, for enterprises, the ability to see and touch your own systems in your secured data center does give confidence that you have some measure control of your destiny.
But most large corporations don’t have enough IT people or security talent to manage the IT resources they have, and so are turning to outsourcing.
Cloud computing is essentially the next generation of outsourcing, so that we’re not only reducing man power, but we’re getting rid of our hard assets entirely by moving them over to data centres anywhere on the planet that are going to manage this more cheaply than we ever could. And the idea of outsourcing security and liability is extraordinary compelling.
And because today’s cloud vendors offer literally no transparency and little information, don’t be surprised if you don’t like the answers you get. Most cloud vendors would say that for security purposes, it’s on a “need to know” basis, and you don’t need to know. Others state that they’re SAS 70 compliant, but that’s really just a self-certification.
Here are some questions you must consider asking:
Whatever regulatory standards your organisation must meet, so too must your cloud vendor. So if you think that by venturing into the cloud you’re saving yourself regulatory headaches, think again.
Security is the greatest barrier towards adoption of the cloud, and it’s no great surprise that cloud security – managing, verifying and trusting it – was a major theme at this year’s RSA Conference.
Unfortunately, improvements in cloud security won’t be seen as a priority until a major breach has a significant enough impact on one or more cloud service vendors and customers. That needs to change.
When it comes to cloud security, it is the end-user’s duty to understand what processes and methodologies the cloud vendor is using to protect the customer’s most sensitive assets. We don’t want the Government’s ‘G Cloud’ to be compromised – that would be a public humiliation that would have Cloud doubters in their own little Heaven.
Philip Lieberman is the founder and president of Lieberman Software, and has more than 30 years of experience in the software industry. He has published numerous books and articles on computer science, has taught at UCLA, and has authored many computer science courses for Learning Tree International.
Hundreds of AI and cloud engineers are being offered relocation out of China by Microsoft,…
Workers at unionised Apple store in Maryland vote to authorise first ever strike, after delays…
Elon Musk loses bid to avoid court order to force him to testify in SEC…
Explore how cutting-edge technologies are reshaping decision-making, driving innovation, and propelling businesses into the data-driven…
Anthem used by protesters in Hong Kong is blocked by YouTube, as critics lash out…
'Unexpected behaviour' of Waymo's self-driving vehicles triggers investigation by American safety regulators