Sunday, October 11, 2015

Cloud Security

I follow a number of CIO-orientated blogs and this article popped up recently:
Why promises about cloud security make me uneasy
I couldn't have said it better myself.

The entire article is worth reading but I'll try to pull out the highlights here.
Cloud companies will tell you that their products and services are secure and you can use security products to ensure that your data and applications are secure. I am a bit skeptical.
I can maintain and monitor use and access to my user base and interrogate logs of application use however I lack key visibility when in comes to the cloud...
While many organizations struggle to "maintain and monitor use and access" at least they control their own destiny. In a cloud environment you will "lack key visibility."

You'll recall my observations in a prior post.
...as a CIO are you comfortable with this level of opacity to service failures?
From the referenced article:
I lack control of the cloud and am dependent on a third party vendor for disclosure and transparency ...
Not a comfortable position for a CIO.

To raise both sides of this topic, if you or your organization are not able to "maintain and monitor use and access" maybe delegating that to a cloud provider is the prudent thing to do.

Just make sure your boss is on board with your decision. And that you've got the mobile number of your cloud salesperson.

No comments: