Reply to post: The difficulty with cloud

Accountancy software firm Sage breached in apparent insider attack

Dwarf Silver badge

The difficulty with cloud

The difficulty I find with cloud is that its impossible when standing on the outside and peering into the darkness to see if its been designed, secured, built and maintained properly.

After all, this is just "someone else's data centre". Snake oil and promises that its all OK do not cut it.

What would help is if there was a recognised minimum standard that people had to demonstrate that they met during design and build and regular re-evaluation say annually or on significant change, Loads of recognised infrastructure good practices, ISO2700x and all the security good practices seem to be conveniently forgotten when the word cloud is inserted into a marketing slide.

Even in cases like AWS, where its designed and built right, doesn't imply that the person deploying into the cloud platform understands the technology stack and has configured it correctly. How many Amazon examples use as examples in their training for firewall rules ?. How many people leave this when they were configuring and just forget to tidy it up before they start the fanfare and marketing that they are in the cloud ?

Now take the other end of the spectrum, you phone up some supplier for their hosted cloud server offering, which is just a physical server in a rack with no security at all.

A standards scheme, like hotel star ratings would go a long way here.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021