Why everything you think you know about Cloud Security is wrong - Part IIl

By BAASS Consultant | Sep 8, 2014 12:00:00 AM
 

Continuing my blog regarding Cloud Security Myths, we now reveal the next 4:

  • Myth: The cloud is bad for the environment

This myth has been perpetuated by Greenpeace campaigns and stories such as the New York Times’ “cloud factories” series, which stated that the “foundation of the information industry is sharply at odds with its image of sleek efficiency and environmental friendliness.”

There’s no question that data centers consume huge amounts of energy. But when businesses move from on-site facilities to consolidated cloud data centers, it saves energy and cuts pollution — just as relying on power companies is better for the environment than if everyone had to run their own generator. In one simulation last year, researchers at Lawrence Berkeley National Laboratory and Northwestern University estimated that if all U.S. companies shifted e-mail, spreadsheets and customer management to the cloud, they would shrink their computing energy footprints by 87 percent. And a 2010 report from Pike Research predicted that cloud computing could cut global data-center energy use by more than a third by 2020.

It is not a fad, you don’t need to be a geek to use it (remember you are all using it right now), and it will not be eliminated by the environmental movement. It is viable technology that will not only grow but grow exponentially over the next few years.

  • Myth : Cloud Provider will sell my data

There are some extreme circumstances where an organization is obliged to provide data but these circumstances are not much different than if that data was in an on premise environment. If you are concerned about the ability to sell your data or the privacy of your data check the contract before your sign it.

Many Canadian organizations fear hosting certain data in the US yet are willing to use hosted email services like gmail and yahoo mail for day to day private communications. If willing to use a hosted email service with data centres in the US it would seem reasonable to not be concerned where most hosted data and applications reside. 

The patriot act in the US allows the US government to access data in order to protect the US against threats of terrorism. Canadians fear this act feeling it will allow the US government carte blanche access. Be aware that even if your data is a Canadian Data Centre the Canadian government will provide access to your data if it there is a threat against Canadian or US national security. Your data is exposed no matter where it is located including on premise data.

There are some extreme circumstances where an organization is obliged to provide data but these circumstances are not much different than if that data was in an on premise environment. If you are concerned about the ability to sell your data or the privacy of your data check the contract before your sign it.

  • Myth : Can't get my data back if I change my mind

Again check your contract but almost all cloud providers allow you to export all your data at any time.

Sage 300 will provide an SQL DB of your data which can be easily converted to an on premise Sage 300 DB. Otherwise flat file exports of all data are available.

Intacct provides flat file export of all data as well.

  • Myth : Clients that share a public cloud can attack each other

Cloud providers take many precautions to prevent attacks from other subscribers that share the same cloud environment. Hypervisors, which provide  separation between customers occurs in a cloud environment, are extremely difficult to attack — however, the hypervisor must be properly patched and maintained. Additionally, the management layer can be isolated from the end user resources by placing it on a separate management network.

Picture1-7

 

Part 4 of this series will reveal the final 3 Cloud Security Myths so stay tuned!
Read More >

Everything you know about Cloud Security is Wrong - Part I

By BAASS Consultant | Jul 13, 2014 12:00:00 AM

Recently I presented a webinar entitled "Everything you know about Cloud Security is Wrong". I thought I would present portions of this webinar in my next 2 or 3 blog posts.

Read More >