A thought on cloud security…

By Brian Bourne

There have been no shortage of Cloud service failures recently.  The latest being discussed in this ITBusiness article: “Dropbox drops the ball on account security”.

So this raises the question.  How scared should the average business owner be about moving to the cloud?  Of course it’s a complex question.  If you look at it completely academically, you’ll need to value assets, calculate risk and all the rest.  But let’s cover a few practicalities here.

Brian Bourne

It’s very common for small businesses (and some large ones) to have an attacker inside their systems for months if not years before anyone notices.  When they do notice, there is seldom a competent forensic investigation to determine what has happened and for how long.  Actually, what usually happens when there is a security incident is the sysadmin or IT provider does his/her best to patch it up and move on.  So would you rather have someone directly inside your systems, or just have a bit of your data in a large pile of other data that a random person may or may not ever go through or use against you?

Don’t get me wrong, I’m not saying “a compromise is going to happen anyways so don’t worry about it”.  What I am saying is that you have to evaluate how critical your data is, and how much you want to protect it.  If you are really worried, build your own solid protection mechanisms.  If you aren’t worried, then why would the cloud worry you any more or less?

While I predict there will be several large scale cloud compromises in the next year, the usual attitude of “I don’t need security, nobody would target me, and security consultants and products are too expensive” won’t position you any better.  If you are using security as a reason not to move to the cloud, make sure you’re doing it better.

Brian Bourne is  president of  CMS Consulting Inc. and co-founder of SecTor and member of the advisory board.
Brian brings over 17 years of IT experience and his expertise is grounded in systems integration work with large, complex, multi-platform networks. Brian is very active in the Toronto IT industry. He is a regular speaker at SecTor, InfoSecurity, TechNet and many other industry events. He is the co-founder and current executive of the TASK, the Toronto Area Security Klatch (, which has grown to what is now the second largest user group in Canada and is entering its 5th year.

Brian Bourne
Brian Bourne
Brian Bourne started his career back in 1992 working on large, complex infrastructure for one of the big Canadian banks. Today he provides leadership to 3 separate companies, a professional services firm, CMS Consulting Inc., a managed services firm, Infrastructure Guardian Inc., and what has become the largest security event in Canada, the Security Education Conference in Toronto (SecTor), operated by Black Arts Illuminated Inc. Brian is also the co-founder and sits on the current executive of TASK, a Toronto based security user group with over 3100 members. When he’s not working or triathlon training, he’s spending time with his amazingly supportive wife and kids or wrenching in the garage.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Latest Blogs

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.