Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Kenneth F. Belva

Cloud Computing Security at Newsweek

First, patch levels and security measures may be different in different parts of the world for the same company. There are global companies which “outsource” the maintenance of their remote locations to a local provider. This would mean effectively that the Chinese Google computers may not have been at the same levels of security of the US computers. Second, a much better measure of a companies information security program is not a single incident but rather their breach history. Lucky for us breaches of publicly traded companies that expose private personal information much be reported and there are well documented databases — such as OSF —  that allow us to research why such breaches occurred.

Mr. Lyons closes the Op-Ed by stating that:

These are the guys you should trust with your company’s most precious assets? After the China fiasco, some companies may start thinking twice.

The reality is that economics drives information security decisions as much as other business decisions. It’s a risk based calculus: how much will I save on infrastructure costs relative to spending if a breach occurs? The cost savings will justify the move to cloud computing because most organizations will not suffer large enough breaches to make such a move cost prohibitive.

Let’s briefly consider the worst case scenario. What if we take the proper legal/contract measures and trust our data to Google, Google gets hacked and our data is exposed? Perhaps cynical, but here’s the most likely reply to the breach: “We were hacked, but so was everyone else.” Lyons, where’s our fake Steve Jobs when you need him?

Post a Comment

Your email is never published nor shared. Required fields are marked *