Tuesday, December 21, 2010

How secure is "The Cloud"?


I don’t trust Google at all and what ever happened to their mantra of “Don’t be evil”?!  http://www.f-secure.com/weblog/archives/00002076.html That being said, if this was some startup that was offering this service instead of Google would you feel the same way?

Where does the data reside? Who has access to it? Is it backed up? If so where do the backups reside? etc...Its not the point of having data off site, its not having the guarantee and control of the data after its offsite. I’m satisfied with the technology of having it delivered securely to where the data silo’s reside, its after the data's at rest where the security issue comes into play.

This being said some data is more confidential than others and some companies might benefit from this model. If you think about it this is really nothing new, customers have been pushing their data to MSP's or hosting there data in co-locations for years.
You need to look at the confidentiality, integrity, and availability of the data to make a wise decision. Do you really know whats going on with your data at all times? Are you sure people aren't making copies of your backup tapes (confidentiality) or changing the data after it was at their site (integrity) and are you guaranteed you'll be able to get to your data when needed (availability)? Etc, etc, etc...

You also take this risk with internal employees and data, but you have the control to make adjustments and take action quicker when the data resides in-house.

I think this is all based off risk. If you can afford the risk it might be a good idea. That’s the major reason customers of MSPs actually went down this road to begin with. The risk and price of doing business was acceptable to doing business without it.

So I guess it depends on the company and the data being stored, but if possible it wouldn't be my first choice. 

No comments:

Post a Comment