Will Cloud Security Drive You Insane?

First, the transparency … I have known Jim Reavis, co-founder of the Cloud Security Alliance (CSA), for a dozen years or so. He is a true visionary. He met with me before creating the CSA and asked me what I thought. I told him to go for it. He did and has had remarkable success with the venture. I volunteered to help out with Version 2.1 of the Security Guidance for Critical Areas of Cloud Computing (see https://cloudsecurityalliance.org/wp-content/uploads/2011/07/csaguide.v2.1.pdf ) particularly in the application security, portability and interoperability areas. I did a little work on revising the Guidance, which will soon be out as Version 3, I believe. I am also a strong advocate of IT outsourcing and cloud computing as long as appropriate due diligence is performed. Furthermore, I support the idea that small and medium-sized businesses (SMBs) can benefit greatly from security services offered by some cloud services providers, when compared to their own internal capabilities.

Now, the issue … In John Bussey’s article. “Seeking Safety in Clouds,” in the September 16, 2011 issue of The Wall Street Journal, Jim Reavis is quoted as saying “Small and medium businesses are insane not to leverage the advantages of cloud computing … It ends up being in almost all cases a security upgrade because they can’t otherwise afford the practices.” While I agree that smaller companies can and do benefit greatly from cloud computing and that, if security is implemented appropriately, the cloud services can be more “secure” than in-house systems, I have two issues with SMBs diving pell-mell into cloud services without considering some of the risks.

Post a Comment

Your email is never published nor shared. Required fields are marked *