Reply to post: Re: The difficulty with cloud

Accountancy software firm Sage breached in apparent insider attack


Re: The difficulty with cloud

GDPR is intended to address this issue, with both the cloud supplier and the customer being required to perform risk assessments of the data being stored (Article 30 section 1 and 2). Trouble is, this means that the cloud provider will need to know what data is being stored - after all, how can you perform a risk assessment without knowing what it is you are performing the risk assessment on?

If the cloud provider now knows what your data is (whether or not it is encrypted), surely the customer's data is more at risk from internal attack than before? This also puts a very large target on a cloud providers internal [customer] records from the outside too. The more people/companies put data into the cloud, the more people will try to hack the datacentres.

As people have said, keeping the most important data in-house will always be the safest option. Trouble is, that solution won't work for the determined boss who actually believes the snake-oil salesmen!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022