|
What you need to know about cloud computing |
|
|
|
|
| Written by Dave Tyson, on Mon-June-2009 |
Page 1 of 4
 In the early days of security convergence many questions arose about the usefulness, validity – and even the legitimacy — of this new approach to enterprise security risk. Many sought to dismiss it as the next big fad, or little more than prescriptive twaddle, but today it is clear that convergence has withstood the nay-sayers and cemented its position in the security universe. But while this internecine battle was raging, “Moore’s Law” was marching on; a new and unstoppable force was meeting the immoveable object of innovation. The result? Cloud computing — further proof, if any were needed, that the future is well and truly converged.
Of course, the very nature of computing is changing as we speak. Some
may say that this is simply about the ever-present pace of
technological change, but the realities of cloud computing — and their
consequent impact on security — are quite staggering and constitute a
true paradigm shift. If you are a traditional security practitioner,
you might be tempted to dismiss such pronouncements as further evidence
of the whimsical fantasy of The IT People (who often don’t make much
sense anyway!). We urge you however, to keep an open mind on this topic
as this is most certainly the real deal and, unless you have a strong
working partnership with the IT security folks, you may fail to see
this coming in your organization until it is too late!
Cloud computing has many definitions and presents varied possibilities,
but let us consider the general premise: you take all of your company’s
data, with all its intrinsic and proprietary value and all of its
combined worth, and you give it to someone else to store and manage for
you. No, not on your servers, but on the Internet! Now think about how
you’re going to secure that data when there are no buildings to patrol,
no alarms to set, no CCTV to monitor or no security patrols to conduct!
And in the case of a disaster, an incident or a breach, how will you
handle the investigation? If you need to get the company’s data back,
how will you know exactly where on the internet it is (or was) stored?
Will you even have permission to go looking? The answers to these vital
questions will all depend on the nature of the contract that has been
negotiated by the IT group with the organization’s cloud computing
providers.
|
