Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Cloud thoughts

Published: 2011-06-12
Last Updated: 2011-06-13 00:32:30 UTC
by Mark Hofman (Version: 1)
13 comment(s)

The cloud means a number of different things to different people.  For some it is the new frontier, the way forward. For others it is outsourcing by a different name and even less control over what happens in the cloud.  In true security fashion and one of my favourite answers, it depends. The reality however is that it is inevitable, in some aspects of your work you will come into contact with the cloud, or you will be asked to secure it. 

So lets have a look at a few of the challenges in cloud world, and if your weekend or Monday is as drab, wet and cold as mine add your comments to the list. We'll try and keep it to pros and cons.

Pro Cloud: 

  • Free up resources from performing menial tasks
  • Access to resources at a price you can afford
    • Getting affordable offsite storage or backup facilities are often cheaper in the cloud than you can do yourself. Especially for smaller businesses.
    • Quality content filtering solutions
    • IDS/IPS services
    • etc.
  • Less limitations
    • e.g. online backups. if you need more space, you purchase it and it is there

Con Cloud: 

  • You do not necessarily know where your data is?
    • Many cloud providers have in their contracts that they can move your services about. So if it is important that your services are delivered locally, then some cloud providers may not be what you are after,
  • How do you get your data back when the provider refuses access or goes bust?
    • Companies go bust.  If your core data resides with that company, how do you get it back
    •  
  • Who has access to your information?
    • The cloud is a shared environment. there will always be at least two parties that have access to your information, you and the provider.
    • Attackers
    • Legal entities, depending on the jurisdiction you are in different legal entities may have access to your data.

So that has us started. If sending through comments please state clearly at the start whether your comment is Pro or Con.

Happy thingking

Mark H

 

13 comment(s)
Diary Archives