Microsoft and cloud-related privacy. Not sold just yet.

Security and privacy go hand-in-hand.   The security concerns regarding cloud computing have been – and will continue to be – documented here and elsewhere as sensitive information and applications are stored elsewhere.  By releasing a white paper on this topic, Microsoft – who’s making big bets on cloud computing – hoped to nip this issue in the bud. 

The gist of it seems to be this: what’s the big deal?  We, Microsoft, already have tons your information already.  You’ve heard of Hotmail, haven’t you?  So this, rather is the next step in the narrative. 

Some people arent’ sold.  Nor am I.  For starters, I think Microsoft minimizes the idea of scale.  Sure, you have my user name and – what else?  my password?  my password hint?  (my dog’s name) – on your servers already.  But that is a far cry from the serious and sensistive financial, health, and other types of information that will soon be residing on your systems.  There’s a fundamental difference there.  And furthermore, doesn’t Hotmail get hacked all the time anyway?  This is somehow supposed to comfort me.

Security professionals caution: be careful what you wish for

 

In this fascinating round-table of forward-looking security professionals, one fact becomes abundantly clear: the archetype of perimeter-defined security management, within the confines of the traditional network perimeter, has seconds to live.  I mean, its extinction was inevitable, but cloud computing has given it that extra push. In fact, this is the one sector of the IT community – the security world – where you see some hesitancy.  It’s not to say they don’t foresee the value in cloud computing it’s just that on a daily basis, they are confronted by ever-complex and increasing threats.  There’s never a dull moment, and now the IT community as a whole is charging full-speed ahead with a new and still-ambiguous paradigm that will only exacerbate this unease.  They’re the ones on the front lines who have to deal with the bottom-line ramifications of developer and tester ambitions, never mind the ever-present insider threat, which will only metastasize as the employee becomes more “empowered” on the cloud.

Feeling insecure on a cloud

No one likes to be “reactive,” especially when it comes to security.  Instead, it always seems like people care about information security when something bad really happens.  People are thrown into firefighting mode, put out the fire, and go back to their normal lives.  The trick – and of course, it’s easier said than done – is to build in security proactively, to offset future (and costly) breaches and outages.

The jury is still out on the security implications around cloud computing.  Like any outsourced asset, users mut relinuih a degree of control; you’re ultimately at the mercy of some external third party.  The same can be said for cloud computing.

Fortunately, folks at EMC and other places are ahead of the curve on this one.  And while users are reliant on the security practices of their providers, there are nonetheless practical steps they can take to reduce the risk to their systems and assets.