By Brian Bourne

There have been no shortage of Cloud service failures recently.  The latest being discussed in this ITBusiness article: “Dropbox drops the ball on account security”.

So this raises the question.  How scared should the average business owner be about moving to the cloud?  Of course it’s a complex question.  If you look at it completely academically, you’ll need to value assets, calculate risk and all the rest.  But let’s cover a few practicalities here.

Brian Bourne

It’s very common for small businesses (and some large ones) to have an attacker inside their systems for months if not years before anyone notices.  When they do notice, there is seldom a competent forensic investigation to determine what has happened and for how long.  Actually, what usually happens when there is a security incident is the sysadmin or IT provider does his/her best to patch it up and move on.  So would you rather have someone directly inside your systems, or just have a bit of your data in a large pile of other data that a random person may or may not ever go through or use against you?

Don’t get me wrong, I’m not saying “a compromise is going to happen anyways so don’t worry about it”.  What I am saying is that you have to evaluate how critical your data is, and how much you want to protect it.  If you are really worried, build your own solid protection mechanisms.  If you aren’t worried, then why would the cloud worry you any more or less?

While I predict there will be several large scale cloud compromises in the next year, the usual attitude of “I don’t need security, nobody would target me, and security consultants and products are too expensive” won’t position you any better.  If you are using security as a reason not to move to the cloud, make sure you’re doing it better.

Brian Bourne is  president of  CMS Consulting Inc. and co-founder of SecTor and member of the ITBusiness.ca advisory board.
Brian brings over 17 years of IT experience and his expertise is grounded in systems integration work with large, complex, multi-platform networks. Brian is very active in the Toronto IT industry. He is a regular speaker at SecTor, InfoSecurity, TechNet and many other industry events. He is the co-founder and current executive of the TASK, the Toronto Area Security Klatch (www.task.to), which has grown to what is now the second largest user group in Canada and is entering its 5th year.

Share on LinkedIn Share with Google+
More Articles

  • I wanted to add something to this article by Brian. If you are looking at security concerns that exist within Cloud Computing, you should investigate the Cloud Security Alliance. Although fairly unknown in Canada, this group is creating the global standards for Cloud Security. They are working with leading fortune 500 companies and government bodies to establish security guidance used across the globe.

    We are authorized Cloud Security Alliance partners and are delivering Cloud Security Alliance training with a Canadian perspective across Canada this fall. Check out http://www.intrinsec.ca/cloud-security-alliance-training.html for more information on the training and to download the official CSA guidance as well as ENISA cloud risk management documents!

    Cheers,

    Graham Thompson