Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Sorry, cloud resisters: Control does not equal security

David Linthicum | July 21, 2014
Many of those who push back on cloud computing citing security fears are doing their employers a disservice

Do you remember last Christmas? Target lost data from about 40 million credit and debit cards that were stolen at its stores between Nov. 27 and Dec. 15, the height of the holiday shopping period. Thieves tampered with the sales terminals' card swipers to gain access to the data stored on the magnetic stripe on the back of credit and debit cards.

And do you remember Sony's huge PlayStation Network security blunder that exposed as many as 100 million credit card numbers? It cost Sony big and required user account reboots.

What do all these security issues have in common? All are breaches that occurred from internal systems -- systems in which IT departments were in direct control.

The problem is that many people equate control with security. Many CIOs have told me they need to have complete control of their servers to ensure they're secure. Well, all major security breaches occur in systems that are under IT's "direct control." You never hear about them, unless they're as spectacular and far-reaching as Sony's and Target's breaches.

People who say they will not move to the public cloud due to the lack of control, which they argue means lack of security, are not living in the real world. Security -- cloud or not -- is measured by the amount of planning and technology that goes into ensuring the data is effectively protected. It's not about where the data resides.

In fact, we're seeing data that's actually more secure on public clouds than it was on internal systems. Indeed, the breaches continue to focus on unsecured local systems, with public clouds largely spared thus far.

Control does not equal security, and it never did. Those who continue to push back on cloud computing using security as an excuse, without understanding the real issues, are doing their businesses a disservice.

Source: InfoWorld

 

Sign up for CIO Asia eNewsletters.