There has been a lot of hand wringing and gritting of the teeth over data breaches of customer information as a result of lapses in outsourced providers of data. Of course the finger immediately points to yet another example of the “potential dangers of the cloud”. I think throwing this on the cloud is a red herring though.
Outsourcing to a 3rd party always represents some risk. Whether that 3rd party stored that data in a public or private cloud or in their own data center or even written on paper and stored in a file cabinet, there was an inherent risk involved. Any party outsourcing can mitigate that risk somewhat by following good due process before engaging a 3rd party.
The same holds true for hiring a cloud provider.Whether it is as simple as using cloud audit guidelines or just some good old common sense, you should check out your 3rd party provider whether they be a cloud provider or not.
But lets not throw babies out with the bathwater. The real culprit here was spearfishing attacks. They could have been launched against McDonalds and Walgreens directly as easily as they were launched against the 3rd party providers. It just goes to show that it only takes on weak link in the chain for an incident to take place.
The good news is that these incidents will make customers more demanding of cloud providers. Ultimately this will result in better cloud security. The march to the cloud will continue.
- Best Practices in Cloud Computing for 2010 (datacenterknowledge.com)
- The Journey to the Cloud (blogs.cisco.com)
- Rackspace Acquires Cloudkick (datacenterknowledge.com)
- Government Warnings Could Kill the Cloud (pcworld.com)
- Trust Is Key For Cloud Success And What Can We Do About It? (cloudave.com)
- CloudSwitch: Traitor To the [Public Cloud] Cause… (rationalsurvivability.com)