Daily Archives: November 29, 2011

Remember, You Can’t Control the Clouds!

Even though futurists have been predicting weather control for well over half a century, and even though the US Government tried to control the weather for over 20 years (primarily with respect to storm prevention), the reality is that we still can not control the weather, or the clouds.

Thus, the clouds, which are not fluffy magic boxes and not omniscient magic mirrors, and which are, in fact, filled with hail despite your sweet fluffy dreams to the contrary, are perfect metaphors for the new breed of virtual hosting solutions being offered by countless vendors.

As per a recent Ponemon Institute study, as summarized by this recent CFO article on Cloud Control, a significant majority of 127 cloud-computing service providers surveyed believe it is their customers’ responsibility to secure the cloud, not theirs!

When Bruce Lynne, managing partner of Financial Executives Consulting Group, said Cloud is just a fancy word for outsourcing, he was right and, as a smart CFO knows, when a company outsources, it sheds work, not responsibility. And the Cloud is inherently insecure. Heck, even Amazon has “no liability … for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications”.

And private clouds are no more secure than public clouds, because your data is still on a virtualized platform and this means that when a hacker accesses one server, he accesses them all! Almost instantaneously!

Plus, you have no idea how long your data hangs around if the service doesn’t fail. 90 days? 1 year? For as long as the service exists? Maybe the provider deletes your archived e-mails after 90 days as per the contract and your corporate data retention policies. Maybe the provider doesn’t. And you might not find out until you get sued and have to turn over 3 year old e-mails that weren’t supposed to be kept. And more importantly, how quickly can the provider retrieve all of your corporate e-mails for the past 90 days from the 10,000 employee data store that you have to turn over for discovery?

And then there’s the problem that it doesn’t matter how secure you are or how secure the provider is if even one of the cloud provider’s customers is insecure. Remember, it only takes one hacker to penetrate one server and … boom … game over.