Would you rather health data or finance data in the cloud? Healthcare providers are the top users of public clouds, says analyst firm IDC. The outfit’s new “Worldwide Semiannual Industry Cloud Tracker” reports that growth in cloud spend across four industry sectors – finance, healthcare, manufacturing and the public sector – is ratting along at US$22.5bn a year with expected growth of …
Given that prominent in the adjacent "most read" columns is Dixons Carphone 'fesses to mega-breach, it's probably worth remembering that "other people's servers" can bear your own asset tags...
Let me see:
My financial information is stored by my bank.
The governbment has data on me.
The iPhones store data of which Apple has the encryption keys and the actual data is on AWS & Google.
In what way are "own" servers safer/more secure? Is secure not mainly a matter of who agrees what levels and what standards with whom?
Nothing should be in the clouds (except water waiting to precipitate).
Neither aeroplanes nor data should reside in clouds for the same reasons. It's hard to see whom else is sharing your space, and any crashes are catastrophic.
Of course, that doesn't stop the marketing-droids from spruiking about "the advantages of clouds", but then again they can't tell the difference between having one's head up one's arse and having one's head in the clouds.
I like to call that similarity the "Fog Bog™"
How would you like it, a quick or a slow death Sir?
----------------
https://www.bbc.co.uk/news/technology-43057681
https://www.theregister.co.uk/2018/04/19/48_million_personal_profiles_left_exposed_by_data_firm_localblox/
https://www.theregister.co.uk/2018/04/21/security_roundup/
https://www.theregister.co.uk/2017/12/21/aws_s3_alteryx_bungle/
https://www.theregister.co.uk/2018/04/05/billions_files_exposed_aws_ftp_wide_open/
----------------
And for dessert variants of these are really only just beginning:
----------------
https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
Since we receive some PHI/PII data from many organizations.
I've learned recently of a case where some PII data (this not under our control) ,was transferred to a consultancy that was not in our approved list - actually overseas. During the investigation it was uncovered that the the consultancy actually bid out the data processing to another organization in a (ahem) non-friendly.
Between the various parties that tap into our infrastructure already (janitors, states, agencies, nations, super-gallactics), and just shuffling these bits around the world - can we actually prevent leakage of everything?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
