2015 Advertising Opportunities - Find Out More!
Here are to two interesting perspectives regarding this topic. Who’s right?
Below is a blog post found at ComputerWeekly discussing…
An article in Computerworld UK reports that the latest advice from the Information Security Forum (ISF) is that information security professionals should treat cloud computing as they would any other external supplier. “Cloud is just outsourcing” according to Adrian Davis, a principal research analyst at ISF, speaking at an (ISC)2 Conference in London.
It’s a shame they didn’t quote from my talk at that conference, as I take the opposite view. Cloud computing is light years apart from the dedicated, specified, audited environment associated with a well managed outsourcing exercise. Cloud computing involves a much higher degree of sharing, coupled with a considerably less degree of control. You can’t specify or audit a commercial cloud service, though you could of course implement your own private cloud service (and thereby forego most of the economic and operational benefits).
Suggesting that cloud computing demands specified SLAs and audit rights is equivalent to advising that public cloud services should be avoided. I suggest Adrian reads my book “Managing Security in Outsourced and Offshored Environments” to better understand the differences between the various and varying models of externalization.
Full Source: David Lacey/Computerweekly
Latest posts by CloudTweaks (see all)
- Cloud Infographic – How Much Do You Really Know About The Cloud? - January 23, 2015
- Big Data, Big Business: Top 100 Heavy Hitters in Big Data - January 23, 2015
- Microsoft HoloLens Could Be an Augmented Reality Game-Changer - January 22, 2015