Cloud Security Issues

Bruce Schneier wrote a three part series (part 1part 2part 3) on cloud computing recently, part of a debate at the Economist. It’s a general look at the cloud from a few perspectives, and I think the thoughts are interesting. Whether they apply to you, or to what extent, you’ll have to decide.

The first part asks if companies should use cloud services. I love the answer at the beginning: “Yes. No. Yes. Maybe. Yes. Okay, it’s complicated”.

The decision is complicated and it’s not a binary decision. You may choose to use a cloud service like Dropbox to share video files, but not move any of your databases or Excel spreadsheets to the cloud. Your company might choose to outsource email, but keep all sales, finance, and inventory applications in house, or vice versa.

I think as each of us debates the decision, we’ll be driven by data. Not only cost data from each side, not only a risk or security analysis, but actually by the data we are talking about. We have to consider the risk of losing a particular set of data through cloud provider incompetence or disclosure to third parties (successful hacks or government intrusion). As data professionals, I’d like to think we’ll be intimately involved with the discussions and arguments about the reliability, security, performance, and control we need over our data. 

Is source code too valuable to trust outside the company? Is it worth managing email? Is a service providing CRM a better choice? There are no easy answers here. I’ve said more than a few times that I would never bother setting up or managing an email server again. However as I think about it, that might not be true. If I worked for a law firm, could I trust anyone outside of my company to prevent a breach of client confidentiality? The implications are unknown here and I wonder if a custom Gmail or Office365 solution is even defensible?

More and more, I think any debate with regards to cloud computing has to begin with “it depends” and dive deeply from there into the potential risks and rewards.

Steve Jones

The Voice of the DBA Podcast

Listen to the MP3 Audio ( 2.4MB) podcast or subscribe to the feed at iTunes and LibSyn.

About way0utwest

Editor, SQLServerCentral
This entry was posted in Uncategorized. Bookmark the permalink.