Is The Cloud Outsourcing or Not?

Here are to two interesting perspectives regarding this topic. Who’s right?

Below is a blog post found at ComputerWeekly discussing…

An article in Computerworld UK reports that the latest advice from the Information Security Forum (ISF) is that information security professionals should treat cloud computing as they would any other external supplier. “Cloud is just outsourcing” according to Adrian Davis, a principal research analyst at ISF, speaking at an (ISC)2 Conference in London.

It’s a shame they didn’t quote from my talk at that conference, as I take the opposite view. Cloud computing is light years apart from the dedicated, specified, audited environment associated with a well managed outsourcing exercise. Cloud computing involves a much higher degree of sharing, coupled with a considerably less degree of control. You can’t specify or audit a commercial cloud service, though you could of course implement your own private cloud service (and thereby forego most of the economic and operational benefits).

Suggesting that cloud computing demands specified SLAs and audit rights is equivalent to advising that public cloud services should be avoided. I suggest Adrian reads my book “Managing Security in Outsourced and Offshored Environments” to better understand the differences between the various and varying models of externalization.

Full Source: David Lacey/Computerweekly

Follow Us!


Established in 2009, is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!


Add Comment Here