What you need to know about cloud computingWritten by Dave Tyson Monday, 08 June 2009 10:16
In the early days of security convergence many questions arose about the usefulness, validity ”“ and even the legitimacy — of this new approach to enterprise security risk. Many sought to dismiss it as the next big fad, or little more than prescriptive twaddle, but today it is clear that convergence has withstood the nay-sayers and cemented its position in the security universe. But while this internecine battle was raging, “Moore’s Law” was marching on; a new and unstoppable force was meeting the immoveable object of innovation. The result? Cloud computing — further proof, if any were needed, that the future is well and truly converged.
Of course, the very nature of computing is changing as we speak. Some may say that this is simply about the ever-present pace of technological change, but the realities of cloud computing — and their consequent impact on security — are quite staggering and constitute a true paradigm shift. If you are a traditional security practitioner, you might be tempted to dismiss such pronouncements as further evidence of the whimsical fantasy of The IT People (who often don’t make much sense anyway!). We urge you however, to keep an open mind on this topic as this is most certainly the real deal and, unless you have a strong working partnership with the IT security folks, you may fail to see this coming in your organization until it is too late!
Cloud computing has many definitions and presents varied possibilities, but let us consider the general premise: you take all of your company’s data, with all its intrinsic and proprietary value and all of its combined worth, and you give it to someone else to store and manage for you. No, not on your servers, but on the Internet! Now think about how you’re going to secure that data when there are no buildings to patrol, no alarms to set, no CCTV to monitor or no security patrols to conduct!
And in the case of a disaster, an incident or a breach, how will you handle the investigation? If you need to get the company’s data back, how will you know exactly where on the internet it is (or was) stored? Will you even have permission to go looking? The answers to these vital questions will all depend on the nature of the contract that has been negotiated by the IT group with the organization’s cloud computing providers.