By Brian Bourne
There have been no shortage of Cloud service failures recently. The latest being discussed in this ITBusiness article: “Dropbox drops the ball on account security”.
So this raises the question. How scared should the average business owner be about moving to the cloud? Of course it’s a complex question. If you look at it completely academically, you’ll need to value assets, calculate risk and all the rest. But let’s cover a few practicalities here.
It’s very common for small businesses (and some large ones) to have an attacker inside their systems for months if not years before anyone notices. When they do notice, there is seldom a competent forensic investigation to determine what has happened and for how long. Actually, what usually happens when there is a security incident is the sysadmin or IT provider does his/her best to patch it up and move on. So would you rather have someone directly inside your systems, or just have a bit of your data in a large pile of other data that a random person may or may not ever go through or use against you?
Don’t get me wrong, I’m not saying “a compromise is going to happen anyways so don’t worry about it”. What I am saying is that you have to evaluate how critical your data is, and how much you want to protect it. If you are really worried, build your own solid protection mechanisms. If you aren’t worried, then why would the cloud worry you any more or less?
While I predict there will be several large scale cloud compromises in the next year, the usual attitude of “I don’t need security, nobody would target me, and security consultants and products are too expensive” won’t position you any better. If you are using security as a reason not to move to the cloud, make sure you’re doing it better.
Brian Bourne is president of CMS Consulting Inc. and co-founder of SecTor and member of the ITBusiness.ca advisory board.
Brian brings over 17 years of IT experience and his expertise is grounded in systems integration work with large, complex, multi-platform networks. Brian is very active in the Toronto IT industry. He is a regular speaker at SecTor, InfoSecurity, TechNet and many other industry events. He is the co-founder and current executive of the TASK, the Toronto Area Security Klatch (www.task.to), which has grown to what is now the second largest user group in Canada and is entering its 5th year.
