The Relentless Cloud

  • Steve, you are absolutely right.

    Like it or not, the cloud is the future.

    In my own company we are already using the cloud for email, project management, CRM and HR.

    Data ownership and security will always remain a talking point.

    However, the cloud is surely more secure than a laptop with sensitive company and/or personal information forgotten on the back seat of a car...

  • Beatrix Kiddo (7/20/2016)


    I believe a recent ruling declared that data in the EU is exempt from this?

    http://www.wsj.com/articles/microsoft-wins-appeals-ruling-on-data-searches-1468511551

    Erm, no. In that specific case the data was stored on servers that were not in the USA. If the data had been on servers physically in the USA (not Ireland) then yes Microsoft would have been forced to hand them over.

    I did originally say that this principle applied to servers which are within US jurisdiction, i.e. the servers are either physically within the USA or are sited somewhere subject to US law — which Ireland clearly is not.

  • My comment was in response to this:

    As a UK citizen, I always advise anyone considering using cloud storage to first ask themselves whether they're happy about US police, FBI, etc. all being able basically to look at all of their data at any time, for any reason?

    Which suggests that you think it is a problem for UK citizens. It's perfectly possible to store data in the cloud without it becoming subject to US jurisdiction.

  • Also consider the risk of putting your data in the hands of someone with a political axe to grind. Many of the Internet social services, (Google, Facebook, Reddit, Twitter), are playing favorites in this fractious US election year. Imagine loss of service or lower quality service based on your perceived beliefs...

  • In terms of physical data centre security I am pretty sure that Amazon's data centres are considerably more robust than many companies can provide.

    I am also sure that economies of scale give Amazon the resources to raise the bar considerably with regard to service, robustness and security.

    The problem you face is that you have to put considerable effort into infrastructure design. Plan out your VPCs, subnets, security groups, network ACLs, VPN tunnels and then where you locate your components within that infrastructure.

    When commissioning a server you need to have a robust means of spinning up that server with just the access it needs to do the job then destroy the administrator key. That means you can only EVER log onto that server to carry out the tasks that the server was intended to do. There is NO ADMIN password.

    If your requirements change or the server needs patching then you destroy that instance and commission another one of the required spec and configuration. Because you do this from CloudFormation templates and provisioning code such as Puppet you can build and test that your new instance is as it should be as a development artefact before deploying to a production VPC.

    The actual machine commissioning you can make part of a build pipeline so that once you have the base AMI (Amazon Machine Image) the instantiation of that machine plus subsequent configuration is done entirely automatically. NO human involvement allowed.

    The machines you instantiate with encrypted disks. That way when you destroy your kit no-one adding EBS volumes will be able to read any data that may be physically left behind given that your infrastructure is shared.

    SSL in transit obviously.

    Application encryption for data that has no business moving from operational systems to backend systems such as passwords.

    It is all perfectly possible to build this and to have raised the bar with regard to security.

    I am sure that Microsoft have something similar.

    What is needed from the cloud providers is a dummies guide for implementing secure infrastructure in their cloud. To do the stuff I mentioned above took a team of people over a year to plan out and put together and is still evolving.
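An added example, not part of the thread or any poster's code: a pre-deployment check a build pipeline could run over a CloudFormation template to enforce two of the rules described in the post above (no standing administrator key, encrypted disks). The sample template, the resource names and the reading of `KeyName` as the administrator key are assumptions made for illustration.

```python
import json

# Constructed sample template, not from the thread: one instance breaking both
# rules, one following them, and an unencrypted standalone volume.
TEMPLATE = json.loads("""
{"Resources": {
  "LegacyBox": {"Type": "AWS::EC2::Instance", "Properties": {
    "ImageId": "ami-EXAMPLE", "KeyName": "ops-admin",
    "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 50}}]}},
  "AppServer": {"Type": "AWS::EC2::Instance", "Properties": {
    "ImageId": "ami-EXAMPLE",
    "BlockDeviceMappings": [{"DeviceName": "/dev/xvda",
                             "Ebs": {"VolumeSize": 50, "Encrypted": true}}]}},
  "ScratchDisk": {"Type": "AWS::EC2::Volume", "Properties": {
    "Size": 100, "AvailabilityZone": "eu-west-1a"}}
}}
""")


def is_true(value):
    # CloudFormation accepts booleans or "true"/"false" strings. Anything else
    # (missing, or an unresolved {"Ref": ...}) is treated as not proven true.
    return str(value).lower() == "true"


def audit(template):
    """Return (resource, problem) pairs for the two rules in the post."""
    findings = []
    for name, res in sorted(template.get("Resources", {}).items()):
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::Instance":
            if "KeyName" in props:  # a key pair means a standing login key
                findings.append((name, "KeyName set"))
            mappings = props.get("BlockDeviceMappings", [])
            if not mappings:  # root disk then follows the AMI, unverifiable here
                findings.append((name, "no BlockDeviceMappings"))
            for bdm in mappings:
                ebs = bdm.get("Ebs")
                if ebs is not None and not is_true(ebs.get("Encrypted")):
                    findings.append((name, f"{bdm.get('DeviceName')} unencrypted"))
        elif rtype == "AWS::EC2::Volume" and not is_true(props.get("Encrypted")):
            findings.append((name, "volume unencrypted"))
    return findings


if __name__ == "__main__":
    for resource, problem in audit(TEMPLATE):
        print(f"FAIL {resource}: {problem}")
```

A pipeline would fail the build when `audit` returns anything, so a non-compliant instance never reaches the production VPC.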

  • David.Poole (8/4/2016)


    In terms of physical data centre security I am pretty sure that Amazon's data centres are considerably more robust than many companies can provide.

    I am also sure that economies of scale give Amazon the resources to raise the bar considerably with regard to service, robustness and security.

    In a perfect world yes, however my experience of working in FTSE 100 technology and financial services companies is often the opposite. The bigger the company, the greater the pressure to deliver profits for shareholders which in turn means penny pinching and corner cutting in service, robustness and security. Add in the amount of red tape and corporate 'jumping through hoops' to get anything done quickly and it doesn't paint a good picture.

    David.Poole (8/4/2016)


    If your requirements change or the server needs patching then you destroy that instance and commission another one of the required spec and configuration.

    Amazon must be destroying all of their servers and rebuilding them all from scratch many times a month? For example Qualys flag up several vulnerabilities a week...

  • In a perfect world yes, however my experience of working in FTSE 100 technology and financial services companies is often the opposite. The bigger the company, the greater the pressure to deliver profits for shareholders which in turn means penny pinching and corner cutting in service, robustness and security. Add in the amount of red tape and corporate 'jumping through hoops' to get anything done quickly and it doesn't paint a good picture.

    Yes, but in AWS's case their product is infrastructure that underpins loads of businesses including the main Amazon website. The data centres are AWS's core business and the core product always gets the investment. For Financial services the core product is financial services not IT services.

    My experience has been similar to yours with regard to things you would expect to be much better in large companies.

  • chrisn-585491 (8/2/2016)


    Also consider the risk of putting your data in the hands of someone with a political axe to grind. Many of the Internet social services, (Google, Facebook, Reddit, Twitter), are playing favorites in this fractious US election year. Imagine loss of service or lower quality service based on your perceived beliefs...

    Unlike social media and marketing oriented companies who consider user data to be a product for sale to 3rd parties, Microsoft and Amazon are service oriented and generate revenue directly from customers. I'd also trust Microsoft and Amazon, more than any of the above mentioned services, to maintain political neutrality. That's just me.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
