There’s quite the reaction across the blogging community today to a particular article by ComputerWorldUK: Cloud computing is just outsourcing, says Information Security Forum. The article quotes Adrian Davis, principal research analyst at ISF, from his speech at (ISC)2 SecureLondon Conference, including this bit about the insecurity involved in trusting cloud security to providers:
“If you don’t know the classification or sensitivity of information, how do you judge what goes in the cloud and what doesn’t? How does the cloud service provider back up and destroy the information? Is there proof that everything they do happens?” Davis said.
While the issue at hand seems to be that most people disagree with the assumption that cloud services are another form of outsourcing – like David Lacey, who also attended (ISC)2, disagrees in his own IT Security blog – there is another aspect of assumptions and fear-mongering happening here. While I would agree with the caution that Davis is strongly suggesting the enterprise exercise, it seems more users would benefit from being educated on the ways to avoid his seven deadly sins rather than having a finger wagged at them. Mike Vizard blogged about one motivation for raising security concerns related to the cloud:
In face, most of what gets ascribed to security in the cloud are really data management and compliance issues, or simply deliberate attempts to create concern over security as part of an effort to protect jobs that might be threatened by cloud computing.
Is that a fair assessment? Is there simply a lack of understanding surrounding the technology that has spun off into a misunderstanding of security surrounding that technology? How do you respond when you hear negativity toward cloud security: Do you run away or desire to learn more about how to avoid common pitfalls?
Let us know in the comments section or send me an email at Melanie@ITKnowledgeExchange.com.