Home Tags Security guard
Tag: security guard
Last week at the BoxWorks conference, Box adviser and ex-Windows president Steven Sinofsky was asked by a delegate how best to sell a move to the cloud to his company's C-level executives without automatically seeming to undervalue his previous on-premise security efforts. Sinofsky replied that "It's okay to say, ‘The bad guys are really, really bad, and I'm not equipped as a company to do security battles with nation states.' "That's effectively what everyone is now up against. If you store credit card [details], it's you against a galactically large international community of bad guys," he continued. Even for a man with a vested interest in Box, it was a surprisingly out-there statement. Symantec CIO Sheila Jordan, sitting on the same panel, attempted to claw back some credibility for the assembled experts by adding that it would be better to "change the conversation". "I wouldn't be arguing [against your current solution]. Cloud is not nirvana – let's be very clear about that," said Jordan. "Business leaders want something – maybe it's a content system that works faster, and you could say, ‘Here's all the use cases we can deliver' – that's the argument. I'd take it out of comparing technologies, and talk about delivering a more secure, faster and cheaper solution." But the discussion raised an interesting question. Can a large cloud provider ever truly claim to be safer than any kind of on-premise solution, as we plunge into a future of widespread, highly organised threats? McAfee's EMEA CTO Raj Samani doesn't think such a simple reply as Sinofsky's is wise. "I don't think it's a question of security, I think it's a question of transparency. It's using the cloud, using someone else's computer, someone else's environment and there are various providers who will implement high levels of security, and there are those who may not," he states, diplomatically. "But the challenge becomes how do you deal with due diligence to determine those who are secure or those who do have a focus on the right level of security and those who do not?" The question as to whether cloud is more secure internally or externally, he says, is thus still highly subjective and contextual, although it's always true you "can walk downstairs, check the data centre, meet the security guard, check if he's got bullets in his gun, and look at his CV!" "If I was at the conference, I'd have said, ‘OK, that's a maybe – you might be more secure, but you can't say you're more secure than every customer out there. You don't know'," continues Samani. "As the saying goes, 'you can outsource the work, but you can't outsource the risk'. But should that still hold as companies become more dependent on cloud providers? You can, after all, outsource the risk of looking after your money to the average bank. "The reality is that, even from a legal perspective, you've got a due diligence requirement. The use of cloud should not mean you can forego that. The way you do it is different – naturally you have fewer degrees of transparency. If you're going to be using a traditional outsourcer, you probably have the opportunity to carry out an on-site audit, but in the cloud, probably not." Martyn Croft, CIO at the Salvation Army, agrees with Samani. "I'd agree you can't outsource risk, and shouldn't even try. It's a bit of a fool's paradise. The other thing for me that springs to mind is if you put all your eggs in one basket, you make it a bigger target and easier to hit." While you might be able to stand the loss of a small per cent of your data, and be prepared in many ways to cope with that, "losing everything in one fell swoop is game over, isn't it?" he says. "So I'd still urge people to diversify and distribute even when it comes to storage. There's that model that says it's safer in smaller cells than in chunks." To conclude, while it would never be great to follow the advice of a company "adviser" on anything related to that firm's service, it seems that firing and forgetting all your data into a company even as large as Box is still not the best of ideas. As Croft signs off, find out "where to send the truck to get it back" before posting your data to goodness knows where.
VIDEO: Mike Fey, CTO of Intel Security, discusses how McAfee is now stronger, thanks to Intel. Intel acquired security vendor McAfee for $7.68 billion in 2011, and earlier this year rebranded the division as Int...