This sounds pretty absurd, and for my friend there is a lot at stake, especially the worry about his credit rating. He put his trust in an organization that has resources well beyond his own, and at the very least he assumed that this was a partnership in security. He was wrong on a lot of levels. Even scarier, this same belief is being practiced with the ever-increasing shift to the cloud through SaaS and IaaS.
Much like my friend, organizations place a lot of control in the hands of a third party. Data, and in many cases whole infrastructures (IaaS), now rest outside the boundaries of an organization's IT team. Perhaps with all that control out of our hands we can breathe a sigh of relief, and focus on what really matters - determining how to handle the inevitable security tsunami that has been triggered by all this movement to the cloud.
If that sounds a little apocalyptic, you may want to read a recent article posted at net-security.org. Covering a recent Ponemon Institute survey, Help Net Security found that, “... of 1,000 IT security practitioners and enterprise compliance officers revealed that less than half of all respondents believe their organizations have adequate technologies to secure their cloud infrastructures.” In more direct words, that means all the warning signs are there, the professionals have weighed in, but organizations are still moving forward.
This article has a lot of frightening statistics, all of which seem to point to the fact that most organizations are rushing to the cloud without proper preparation and tools to manage security. While it doesn’t point to any single driving fact or issue, these early adopters are most definitely excluding, or perhaps more accurately losing, the control that they have with tight Change Management and Configuration Management processes, controls, and systems. Without these, what you are really setting yourself up for is a letter sent through physical mail that's ambiguous and vague. A letter that, as a service to you, lets you know something happened. But what happened, to whom, and how bad it was are left buried in the ether.
Image: Flicker, walknboston

The cloud infrastructure is great for accessibility, but that goes for unwanted access as well. I agree about "Cloud Security" being an oxymoron given its current stage.