Cloud Computing Economics - There Is No Free Service

Cloudonomics Journal

Subscribe to Cloudonomics Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Cloudonomics Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Cloudonomics Authors: Lori MacVittie, Skytap Blog, David H Deans, Shelly Palmer, Tim Crawford

Related Topics: Cloud Computing, Cloudonomics Journal, SaaS Journal, Government Cloud Computing, Green Storage Journal, CIO/CTO Update, Java in the Cloud

Blog Feed Post

Cloud Control Does Not Necessarily Imply Cloud Security

Can cloud provider X protect your company’s data better than you can?

Most of the commentary written about companies moving to the Cloud  focuses on  the loss of control over company data as a consequence of giving up self-hosted infrastructure. There is usually an implication that this is bad. I believe that is not necessarily a given. How may stories do you read daily about data breaches unrelated to the cloud? It’s almost cliche now.

The critical question that must be asked is “Can cloud provider X protect your company’s  data better than you can?”.

In many cases, the answer is yes. Basically [ in most cases] they do better than you do. They can afford to hire more staff  and deploy a more robust infrastructure. Their business depends on it. In a presentation I gave some time ago on located here, I listed the following as additional reasons why:

  • Security measures are cheaper when implemented on a large scale
  • Better security provides competitive advantage to providers
  • Increased standardization and industry collaboration
  • Improved forensic capabilities and evidence gathering
  • Improved resource scaling

Back of our aforementioned daily horror stories of data breaches. How many of those companies or organizations get closed down or do out of business due to their lax security practices? Not many. For cloud service providers, trust of their customers and potential customers is key to survival. Good security practices are not optional, they are a business imperative.

I’ve witness this first hand working for a financial industry application services provider. Long before “cloud” was a buzz word, there were Application Service Providers (ASPs) that basically performed as a Service ( SaaS).  There was a strong culture of security at all levels of the company, from the board on down.

Giving up some control means trusting your provider. This also requires doing your due diligence in selecting the right provier and having a proper service level agreement in place that will allow you access to verify that they are indeed adequately protecting your data.

Related posts:

  1. Moving data storage to the cloud? What’s your business continuity plan? Many trumpet increased availability as a reason to move to...
  2. Cloud-based…hacking?? I assigned my class a research paper on the security...
  3. Cloud Computing = Loss of Confidentiality? Interesting excerpt from article in ITWorldCanada: “Adi Shamir, a computer...


More Stories By William McBorrough

William J McBorrough is a Security Expert with many years of success Managing, Designing, and Implementing medium and large enterprise Physical and Information Technology Security Solutions. His experience spans the spectrum from small e-commerce start-ups to multi-campus state and federal agencies to multi-state financial sector organizations. He is also on the faculty of various universities including University of Maryland University College, EC-Council University, George Mason University and Northern Virginia Community College where he conducts research and teach graduate and undergraduate courses relating to cybersecurity, cybercrime, cyberterrorism, and information security and assurance. He holds a Bachelors of Science in Computing Engineering with a concentration in digital networks and a Masters of Science in Information Security and Assurance. He is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk Information System Control (CRISC), and Certified Ethical Hacker (CEH).He is well versed in personnel, systems and network security risk management. His core competancies include Developing cost effective solutions to enable mission assurance in the following areas: Enterprise Risk Management, IT Governance, Security Organization Development, Information Security and Assurance

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.