How Cloud Computing Security Resembles the Financial Meltdown

[ Thanks to James Maguire for this link. ]

"How do you know if a cloud computing vendor is secure?

"After all, you're trusting them with highly sensitive data and business critical processes. Your entire business may rest on your ability to evaluate their level of security.

"When they make claims about their nearly absolute level of safety, should you just...take their word for it?

"Goodness no, say the vendors, we've got a third party certification to back up our claims. Specifically, they point to their SAS 70 certification. SAS 70 is a set of auditing standards used to measure the handling of sensitive information. It was created by the impressively-named American Institute of Certified Public Accountants (those folks know how to fill out forms). SAS 70 was around before cloud computing, and has been shoehorned into use by vendors seeking an impartial third party credential to reassure nervous cloud customers.

"But here's where it gets dubious. Guess who writes a check to the SAS 70 certifiers? Believe it or not, it's the vendors themselves. If you were a cynical, non-trusting type (which you should be if your company's data is at stake) you might wonder…isn't that a conflict of interest? Don't accounting firms have a vested interest in granting SAS 70 certifications to those cloud computing vendors who can pay for them?"

Complete Story

Related Stories:

• Fonality: Goodbye Open Source, Hello Cloud(Apr 14, 2010)
• Memcached Vendors Bulk Up for Web 2.0(Apr 14, 2010)
• Proprietary Licenses Are Even Worse Than They Look(Apr 08, 2010)
• Enterprise cloud put to the test(Apr 05, 2010)
• EFF Reveals How Your Digital Fingerprint Makes You Easy to Track(Jan 29, 2010)
• Privacy Bill Nears Introduction in House(Jan 29, 2010)
• The Cloud Ate My Homework (Google Docs censors your documents)(Dec 01, 2009)
• Putting Trust in the Cloud(Nov 25, 2009)
• Editor's Note: Cloud is Just Another Word for "Sucker"(Nov 14, 2009)