External cloud scenario 1: You buy into the philosophy, benefits, and new applications that cloud computing offers. After many months of negotiations and general political maneuvers within your company, you finally get the go ahead for a cloud project. Let’s assume the set-up was easy (NOT), the transfer of data was seamless (NOT), and users experienced no issues with the transfers (NOT). A month into the project everything is working as you had planned as IT costs have decreased, workload has decreased, and users are generally happy. A few months later your CEO and Chairman of the Board receive notification from the cloud vendor that a major breach has occurred and all your confidential information is at risk. Now what?
When you peel back the datacenter 3.0 / web X.0 onion, the most important intellectual property that companies maintain is information. This information is stored in sensitive files and databases that capture everything from your buying habits, to key financial metrics. It’s hard enough for companies to secure this data when they are in control of the physical security let alone to hand this responsibility to a cloud vendor.
Many answer this question with a simple phrase; “Trust us.” They point that security concerns are overblown and are no worse in the cloud than they are in the enterprise. Exactly, that’s what worries me! Tell this to the individuals that have had their sensitive information stolen from banks, retailers, and the US Government.
Trust Us, No Thank You.