Feeds

There’s no escaping the cloud

You can run, but you can’t hide

  • alert
  • submit to reddit

Reducing the cost and complexity of web vulnerability management

Feeling in a slightly mischievous mood, I stuck up my hand, reminded the presenter that the vendor hosting the conference had described the bank as a strategic customer, and had also talked about all of its sales and account management needs being fulfilled by Salesforce.com. Given the deep interaction between the two companies, I therefore suggested that a lot of proprietary information about the bank was probably being maintained in the cloud whether they liked it, trusted it, or not.

This would, for example, include the names, positions and responsibilities of key people, and who knows what other background on each. It could also include details of past and future projects, which trusted suppliers had been made aware of in confidence, or which had been mentioned indiscreetly by an employee over a beer with a salesperson. When I asked whether the aforementioned bank stakeholders were aware of this, or how they would feel if they realised it, the response was merely that this was an ‘interesting question’.

No escape

The point here was not to pass judgment on whether cloud services are a good or bad thing, either in absolute terms or for any given organisation, but simply to highlight the fact that there really is no escaping the impact of this trend.

In the example given, we were talking about CRM data, but as cloud-based ERP gets used in a collaborative supply chain context, as sensitive contract information ends up in the inbox of a supplier, customer or partner who happens to be using Google's hosted email service, and so on, we have to accept that the security and privacy of our proprietary business data will increasingly be dependent on cloud providers.

As the bank’s spokesperson said, this really is a very interesting problem, and there is no easy answer to dealing with it. Some cloud providers are clearly very competent and probably don't represent a significant risk, but if someone we deal with is putting information we care about into the hands of dodgy or inexperienced cloud players, there is a potential exposure, at least theoretically.

Against this background, I am interested in your views. Is this a real problem, or something we shouldn't get too hung up about?

Perhaps it's a question of making sure policies are in place to deal with the sharing of information or the vetting of third parties before sensitive information is shared with them. Does the dreaded DRM approach have a role to play? Then again, we could question if anything has really changed. After all, how well do we police the way in which other parties store and manage information that is confidential or sensitive to our business now?

I would appreciate any feedback or experiences you might have in this area.

Freeform Dynamics Ltd

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Wanna keep your data for 1,000 YEARS? No? Hard luck, HDS wants you to anyway
Combine Blu-ray and M-DISC and you get this monster
US boffins demo 'twisted radio' mux
OAM takes wireless signals to 32 Gbps
Apple flops out 2FA for iCloud in bid to stop future nude selfie leaks
Millions of 4chan users howl with laughter as Cupertino slams stable door
Students playing with impressive racks? Yes, it's cluster comp time
The most comprehensive coverage the world has ever seen. Ever
Google+ GOING, GOING ... ? Newbie Gmailers no longer forced into mandatory ID slurp
Mountain View distances itself from lame 'network thingy'
Run little spreadsheet, run! IBM's Watson is coming to gobble you up
Big Blue's big super's big appetite for big data in big clouds for big analytics
Seagate's triple-headed Cerberus could SAVE the DISK WORLD
... and possibly bring us even more HAMR time. Yay!
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.