How Cloud Computing Security Resembles the Financial Meltdown
Apr 27, 2010, 23:33 (0 Talkback[s])
(Other stories by James Maguire)
[ Thanks to James
Maguire for this link. ]
"How do you know if a cloud computing vendor is secure?
"After all, you're trusting them with highly sensitive data and
business critical processes. Your entire business may rest on your
ability to evaluate their level of security.
"When they make claims about their nearly absolute level of
safety, should you just...take their word for it?
"Goodness no, say the vendors, we've got a third party
certification to back up our claims. Specifically, they point to
their SAS 70 certification. SAS 70 is a set of auditing standards
used to measure the handling of sensitive information. It was
created by the impressively-named American Institute of Certified
Public Accountants (those folks know how to fill out forms). SAS 70
was around before cloud computing, and has been shoehorned into use
by vendors seeking an impartial third party credential to reassure
nervous cloud customers.
"But here's where it gets dubious. Guess who writes a check to
the SAS 70 certifiers? Believe it or not, it's the vendors
themselves. If you were a cynical, non-trusting type (which you
should be if your company's data is at stake) you might
wonder…isn't that a conflict of interest? Don't accounting
firms have a vested interest in granting SAS 70 certifications to
those cloud computing vendors who can pay for them?"
- Fonality: Goodbye Open Source, Hello Cloud(Apr 14, 2010)
- Memcached Vendors Bulk Up for Web 2.0(Apr 14, 2010)
- Proprietary Licenses Are Even Worse Than They Look(Apr 08, 2010)
- Enterprise cloud put to the test(Apr 05, 2010)
- EFF Reveals How Your Digital Fingerprint Makes You Easy to Track(Jan 29, 2010)
- Privacy Bill Nears Introduction in House(Jan 29, 2010)
- The Cloud Ate My Homework (Google Docs censors your documents)(Dec 01, 2009)
- Putting Trust in the Cloud(Nov 25, 2009)
- Editor's Note: Cloud is Just Another Word for "Sucker"(Nov 14, 2009)