Quote:
Originally Posted by Shawnski
I will not touch the "cloud" ever if I can help it. And I am not recommending it in any way shape or form to any clients. It is madness to allow your important information to be held outside your realm and control.
|
You could have said the same thing 31 years ago when the IBM 5150 was introduced and began a massive shift away from centralized mainframes and mini's to micro's. Everybody said the same things, and all the same lessons and rules apply.
Competent technical architecture and staff, strong security compliancy to accepted standards, and the controls in place to monitor and enforce access at all layers, and you have very little to worry about. (well, you have tons to worry about, but the point is you make sure you DO worry about all of them, to the appropriate degree, and action those worries, so they don't become problems down the road)
Miss any of those things, and you do. And guess where you find those things missing in most cases - any organization that doesn't have sufficient numbers of highly trained IT professionals that have a focused mandate to deliver those services in that manner to the business. Which is a lot of them, cloud or not.
In contrast, the security and availability of a cloud provider's infrastructure is their entire focus, because it's all they do - so the ones that are good, and that are going to prosper in a cloud transition, are going to be very good at it.
There will be lots of spectacular failures, just as there have been countless times in the non-cloud space, and it will always boil down to the same thing - a lack of competence, a lack of focus, or a lack of funds to do security properly.