Feeds

Easier to secure the cloud than your data center - IBMer

Really?

3 Big data security analytics techniques

To summarise, a rant

Risk and responsibility are the big issues here. A corporation hosting its important data retains control over security and the risks it is willing to take. If it screws up, it pays the price for it. In a cloud scenario, this isn’t the case. With most cloud providers, a security breach or provider screw-up will yield a heartfelt apology and a refund of the current month’s fee – and no more.

When we’re talking about important applications and data, the risk imbalance between the customer and cloud provider is massive. If there is a security failure or loss of data, you, the customer, could conceivably be put out of business. The cloud provider? They risk some reputation points and lost revenue – but they probably have plenty of other customers, or at least can get some more.

And you? You’ll be on the street living in a cardboard box and eating out of dumpsters until you finally die of exposure. Or, after being found guilty of criminal mismanagement of data, you’ll be thrown in prison and get shanked during a mess hall riot. Okay, maybe it won’t result in death … but having your business go down the tubes due to a cloud problem would be plenty uncomfortable.

Cloud providers have to put real skin in the game and provide explicit and specific guarantees on security and availability to convince enterprises that this is a valid choice for critical processing. SLAs will have to be negotiated and agreed upon, with penalties and remedies stipulated up-front.

To make this worthwhile, the cloud provider must have at least a minimum usage commitment from the customer that covers the provider’s costs. The cloudy ‘pay only for what you use, as you use it’ model is a non-starter in this context.

To conclude, a truly secure cloud offering isn’t really a cloud at all, in my opinion. It’s really a traditional hosting or outsource agreement. And those have been around for a long, long time. They aren’t trendy, hip, or cool, and in a lot of cases they end up costing more than providing the same functions in-house.

IBM, of course, is a leading provider of outsourcing and is also a cloud provider, so they have more than a little interest in getting enterprise customers to embrace clouds. [end rant]

The last line in the IBM blog asks, “Is Moss right? Or is this a bunch of self-serving IBM marketing spin?”

I weigh in on the side of “Self-serving IBM marketing spin.” But what do you think? Use the comments section below to share your own thoughts or rants. ®

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Bored with trading oil and gold? Why not flog some CLOUD servers?
Chicago Mercantile Exchange plans cloud spot exchange
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.