by Filip
11. December 2010 07:32
I’ve often heard “we’re not going to put our sensitive data in some data center, are we? Who knows in what hands it’ll fall?” That strikes me as odd.
Consider the following scenarios:
- Could I find names, phone numbers, or e-mail addresses of staff in your organization in social media or publications? And if I can, how realistic would it be to contact someone in your company, say a secretary, and gain her trust by presenting myself as a contractor hired by one of the people I found? Would she then allow me to access her computer remotely?
- Does your cleaning company have physical access to your server room? Did you screen them?
- If I park my car just outside your office, could I pick up a WiFi signal? Do you think I could break its encryption? What if I have all night to try?
- Did you know it is possible to pick up the image on a computer screen just by tapping into its power cable?
- How likely is it that your server administrator didn't set appropriate permissions on some shared folders because he had more important things to do?
- How likely is your server administrator to leave the company with a grudge?
- Do employees in your organization take their laptops home after work? If someone broke into their car or their house, what information would they find on that laptop?
These are just a couple of examples of actual scenarios that lead to information theft. Many more lead to data loss. I've actually seen a large organization lose all of their stored e-mail overnight because their SAN (yes, RAID-5 and geographically dispersed) was running obsolete drivers. Things went wrong when they replaced it with a newer model. Even the backups were corrupted because of that. They just didn't take the time to run a test restore now and then. Do you?
Let's face it: unless your core business is running a data center, chances are you do not have the know-how or the resources that companies like Microsoft, Amazon, and Google have to fight off security threats. And if your core business is not data storage, it would be unwise to spend money on such resources. For professional service providers, data storage is the core business. They cannot afford to lose the data their customers entrust to them, and they probably won't. Dmitry Sotnikov describes why not:
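The "run a test restore now and then" point deserves something more concrete than a question. The script below is an added example, not the author's code or any vendor's tooling: it records a SHA-256 manifest of a constructed sample mail store at backup time, restores the tar.gz archive into a scratch directory, and compares what came back against the manifest. The sample files, the `mailstore` directory name and the `run_demo` helper are all assumptions made for the illustration; the damaged archive is produced by truncating a copy of the good one, which is one way a backup can fail between the job reporting success and the day you need it.

```python
"""Restore-test harness (added example). Back up a tree, restore it to scratch
space, and verify every file against the manifest taken at backup time."""
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict:
    """Return {relative_posix_path: sha256_hex} for every regular file under root."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def make_backup(source: Path, archive: Path) -> dict:
    """Write a tar.gz of `source` and return the manifest recorded at backup time."""
    manifest = hash_tree(source)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(source / rel, arcname=rel)
    return manifest


def restore_and_verify(archive: Path, manifest: dict) -> list:
    """Restore `archive` into a throwaway directory and return a list of problems.

    An empty list means the restore succeeded and every file matched its hash.
    Any exception during extraction counts as a failed restore rather than a
    crash of the test itself, which is what you want from a scheduled check."""
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        scratch_path = Path(scratch)
        try:
            with tarfile.open(archive, "r:gz") as tar:
                try:
                    # filter="data" refuses absolute paths, "../" members and
                    # similar tricks; older Pythons lack the argument.
                    tar.extractall(scratch_path, filter="data")
                except TypeError:
                    tar.extractall(scratch_path)
        except Exception as exc:  # truncated/corrupt archive, zlib error, bad gzip CRC
            return [f"archive unreadable: {type(exc).__name__}: {exc}"]
        restored = hash_tree(scratch_path)
        for rel, expected in manifest.items():
            actual = restored.get(rel)
            if actual is None:
                problems.append(f"missing after restore: {rel}")
            elif actual != expected:
                problems.append(f"checksum mismatch: {rel}")
        for rel in restored:
            if rel not in manifest:
                problems.append(f"unexpected file restored: {rel}")
    return problems


def run_demo() -> dict:
    """Build a constructed sample tree, back it up, then test-restore an intact
    copy and a deliberately truncated copy of the archive."""
    results = {}
    with tempfile.TemporaryDirectory() as work:
        work_path = Path(work)
        source = work_path / "mailstore"  # assumed name; constructed sample data
        (source / "inbox").mkdir(parents=True)
        (source / "inbox" / "msg1.eml").write_bytes(b"From: alice@example.test\n\nhello\n")
        (source / "inbox" / "msg2.eml").write_bytes(os.urandom(4096))
        (source / "config.ini").write_text("[store]\nversion=1\n")

        archive = work_path / "mailstore.tar.gz"
        manifest = make_backup(source, archive)
        results["intact"] = restore_and_verify(archive, manifest)

        # Simulate a damaged backup: keep only the first half of the archive.
        damaged = work_path / "mailstore-damaged.tar.gz"
        data = archive.read_bytes()
        damaged.write_bytes(data[: len(data) // 2])
        results["truncated"] = restore_and_verify(damaged, manifest)
    return results


if __name__ == "__main__":
    for name, problems in run_demo().items():
        print(f"{name}: {'OK' if not problems else problems}")
```

Scheduling this against last night's archive, with the manifest stored separately from the backup itself, turns "we have backups" into "we restored and verified them on this date". The manifest comparison also catches the quieter failure where the archive extracts cleanly but a file inside it is not what was backed up.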
- High security standards of the datacenters: a lot of these are compliant with SAS 70 Type I and Type II and ISO/IEC 27001:2005 – does your datacenter get formally certified that high?
- Clear segregation of duties: people running the datacenter are not your employees, they have no idea what kind of data is getting stored by who and no vested interest in seeing that data,
- Needle in a haystack effect: public clouds have multiple customers, so even if a squad of ninjas attack the datacenter and manage to steal a hard drive it will just have some bits of data from various customers in a format specific to a particular application and probably encrypted – making the whole exercise completely meaningless,
- No local device data: your local laptops or mobile devices only work with remote cloud data – so if the device gets lost or stolen you lose the device, not the data.
- Security is in the cloud business model: for any credible SaaS vendor security is number one concern. They implement specific security measures such as data isolation, audit trails, and so on.
Read the article at Cloud or On-Premise: Which is more secure? | SYS-CON MEDIA