Cloud security considerations
There are many concerns these days on security when taking services from cloud providers. All the areas where Schuberg Philis is actively being audited on, are area’s of concerns for IT managers.
How do I know my cloud service is being hacked and abused if it is not running inside my datacenter? What possibilities do I have to check if my employees are acting along the lines of my Acceptable Use policy? Where are the logs of that abuse, and how can I trust the logs? How do I know that my data is not copied elsewhere in the cloud, and analysed offline by my competitor?
With regards to cloud storage, the CDMI (Cloud Data Management Interface) is trying to address some of the questions, but is only one step forward.
Cloud service providers still have a long way to go. An initiative like Eurocloud is doing great work in paving the road to trust in cloud service providers.
When cloud service providers will be able to succesfully address the concerns, they have a big advantage over the classical IT model of running your own IT: they provide all the securities you would normally build and control youself, but combined with cloud advantages like fast provisioning and fast reuse of resources.
Small and medium-sized business will then be able to actually get a better and more secure service with cloud services, then what they could build and control themselves.
What does this mean for SBP? Sure there will be competition from the cloud providers. But we are nothing more than just another cloud provider. We build services for our clients with our own cloud technologies of fast provisioning, centralized log analysis, but since we build private clouds for our customers, these customers can demand tailored solutions to address their specific needs and concerns.
Cloud computing is not a threath to our business model, but is preparing the market more and more for putting commodity services in the big generic clouds, combined with the need of supporting highly tailored private clouds.
So it is time to face the fact: Schuberg Philis, the private cloud company!
Cloud computing is not a treat to our business model.. Don’t you mean not a threat to our Business Model… Actually I would beg to differ, cloud computing is nothing new, people have had their own private cloud networks for a very long time, OpenVPN and other so called Darknets provide an excellent example, it all depends on how much information your prepared to share about your business model with your competitor, if your busy hosting all your documents on another providers cloud based storage then what prey tell prevents that same cloud provider from reading your documents at their leisure.
I for one have no interest in sharing everything about my business model with a third party provider, especially ones that have a history of failure to deliver. As an example I used to use Nortons Anti-Virus but when that product failed me miserably and left my computer network vulnerable to attack I then decided to move to a totally different solution. So would I buy and use the Symantec Cloud Based security service. No I would not, because once I find your product fails in one department or area to which I have assigned it some measure of control I have no desire to watch it perform a repeat performance of failure with even more dire consequences.
Wait till your cloud based storage provider suffers RAID failure because no-body could be bothered to check the state of the RAID array disk storage for the last three years and when you find you can not recover your documents, then you may be singing to my tune.