The rest of the team is at a conference this week, and I admit that I'm running a little slow. I was supposed to be there, but a personal issue kept me home this year, and I find myself working slower than normal - perhaps because my team (and many other teams) aren't here to spur me on.

Anyway, One of our NSEs (Hey Jeff!) sent me this article over at Linux Magazine, and I decided that it was much more exciting than my prepared blog topic, so I am going to run with it.

Mr. Hess clearly isn't a security specialist, as he completely misses the boat on that front. The data left your building and is in the hands of a third party - there is greater risk. This is a simple axiom that I can't believe he doesn't understand. When he addresses "control" of data, he focuses (even in his ensuing comments) on backups and such. That's management of data, not control of data. While I generally agree with him that some applications are inevitably bound for the Cloud, his "resistance is futile" reference is rather weak. Risk management says that you need massive assurances before you put things like your customer data onto someone else's servers. Potentially worse than even customer data is proprietary and competitive data. There are just some things that you need to keep a tight rein on, and a cloud is one huge target to attackers - which might draw attention to your data that otherwise wouldn't have occurred.

The level of risk must be less than the expected outcomes... And thus far cloud computing has shown mixed results. The first huge "there's an attacker loose on our servers" announcement from a cloud vendor will definitely be the litmus test for how well we as an industry are willing to tolerate the risk. Meanwhile, there is something to be said for complete control of your infrastructure, but again, some applications will gravitate toward the cloud because it's low risk data and the cloud option is less expensive.

For most things, knowing your firewall configured with your rules is running between the data and the badguys is important, and knowing that your infrastructure investment in products like WAM and LTM can be leveraged to smooth over performance humps without having to pay extra is appealing too - at least it's a budgetable expense.

We live in interesting times, and depending upon your background, that's either a blessing or a curse ;-). Like everything else, the Cloud has uses but is no panacea, use it in ways that make sense for your organization, don't turn it into a religion.

Until next time,

Don.

Share this post :