The End User’s Challenge: Transparency
In my opinion, the cloud is a really good, compelling idea. It can reduce the cost of IT dramatically. Given that cloud computing is available, the idea of building new data centres these days seems like a last-century way of doing things.
On the other hand, for enterprises, the ability to see and touch your own systems in your secured data center does give confidence that you have some measure control of your destiny.
But most large corporations don’t have enough IT people or security talent to manage the IT resources they have, and so are turning to outsourcing.
Cloud computing is essentially the next generation of outsourcing, so that we’re not only reducing man power, but we’re getting rid of our hard assets entirely by moving them over to data centres anywhere on the planet that are going to manage this more cheaply than we ever could. And the idea of outsourcing security and liability is extraordinary compelling.
And because today’s cloud vendors offer literally no transparency and little information, don’t be surprised if you don’t like the answers you get. Most cloud vendors would say that for security purposes, it’s on a “need to know” basis, and you don’t need to know. Others state that they’re SAS 70 compliant, but that’s really just a self-certification.
Here are some questions you must consider asking:
Whatever regulatory standards your organisation must meet, so too must your cloud vendor. So if you think that by venturing into the cloud you’re saving yourself regulatory headaches, think again.
Security is the greatest barrier towards adoption of the cloud, and it’s no great surprise that cloud security – managing, verifying and trusting it – was a major theme at this year’s RSA Conference.
Unfortunately, improvements in cloud security won’t be seen as a priority until a major breach has a significant enough impact on one or more cloud service vendors and customers. That needs to change.
When it comes to cloud security, it is the end-user’s duty to understand what processes and methodologies the cloud vendor is using to protect the customer’s most sensitive assets. We don’t want the Government’s ‘G Cloud’ to be compromised – that would be a public humiliation that would have Cloud doubters in their own little Heaven.
Philip Lieberman is the founder and president of Lieberman Software, and has more than 30 years of experience in the software industry. He has published numerous books and articles on computer science, has taught at UCLA, and has authored many computer science courses for Learning Tree International.
Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…
Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…
Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…
Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…
Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…
European Commission opens formal probe into TikTok after Romanian first-round elections annulled over Russian interference…