
2011 Security Prediction #2: Insecurity in the FrankenCloud

January 5, 2011

Prediction #2: Insecurity in the FrankenCloud. For those of you who have been listening to me for any appreciable period of time, you know that I’m very skeptical of the cloud, at least from a security perspective. Where does your data go in transit? How about at rest? Is there any encryption? What’s the authentication model for third parties to get to your data? Does the transmission or storage of your PII data by your cloud provider violate any laws (e.g., PIPEDA, CA-1386, EU Data Privacy Directive/Safe Harbor)? These are critical questions for security professionals, which cloud infrastructure providers seem extremely loath to answer.
Of course, the fact is that cloud computing is likely here to stay; it does, indeed, provide efficiencies of scalability and performance that can be highly cost-effective. Unfortunately, as with all things technology, caveat emptor. Organizations need to be extremely judicious both in their selection of a cloud services vendor (assuming they take a public cloud, rather than a private cloud, approach) and in what services (and data) they elect to place in the cloud. With everyone jumping on the cloud bandwagon and enlisting the services of clever marketing teams (“hey, we have a data center in Jakarta with a couple of extra servers… let’s call it a ‘Cloud Provider’!”), organizations need to remember that not all public cloud vendors, security policies, and infrastructures are cut from the same cloth.
By the end of 2011, I predict we’ll see at least one large-cap, commercial company get publicly burned by its use of cloud computing. Most likely, this will be a data breach, but it could also be a significant sanction from a regulatory body for violating controls defined in a piece of security or (more likely) privacy law.
