20 Sep 2011
Sooner or later people are going to start noticing that, despite three years of vendors and resellers pushing the cloud concept, the majority of IT and security professionals still consider the risks too big for the modest efficiencies that can be made (One in four IT chiefs thinks cloud security fears are overhyped).
Perhaps cloud’s true purpose is to drive revenues of companies that can’t get a foothold in the hardware or operating system market.
How do these self-proclaimed “experts” qualify the following risks:
• lack of transparency about the level of security and the means of deployment;
• feasibility of vendors producing useful audit data across multiple countries and datacentres with differing laws and regulation;
• differing employment laws in differing countries both existing and in the future;
• criminals following the most lucrative markets;
• lack of visibility of user access (no technical auditing);
• lack of visibility of security incidents (no technical auditing);
• risk of collateral damage from attacks on other tenants;
• differing disclosure laws conflicting with differing privacy laws in different countries;
• access from public devices with malicious code or keyloggers;
• lock-in and lack of flexibility once entered into contract;
• providers ability to change service without consultation or risk assessment?
Hugh
Add your comment
