Linux Today: Linux News On Internet Time.

More on LinuxToday

How Cloud Computing Security Resembles the Financial Meltdown

Apr 27, 2010, 23:33 (0 Talkback[s])
(Other stories by James Maguire)


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

[ Thanks to James Maguire for this link. ]

"How do you know if a cloud computing vendor is secure?

"After all, you're trusting them with highly sensitive data and business critical processes. Your entire business may rest on your ability to evaluate their level of security.

"When they make claims about their nearly absolute level of safety, should you just...take their word for it?

"Goodness no, say the vendors, we've got a third party certification to back up our claims. Specifically, they point to their SAS 70 certification. SAS 70 is a set of auditing standards used to measure the handling of sensitive information. It was created by the impressively-named American Institute of Certified Public Accountants (those folks know how to fill out forms). SAS 70 was around before cloud computing, and has been shoehorned into use by vendors seeking an impartial third party credential to reassure nervous cloud customers.

"But here's where it gets dubious. Guess who writes a check to the SAS 70 certifiers? Believe it or not, it's the vendors themselves. If you were a cynical, non-trusting type (which you should be if your company's data is at stake) you might wonder…isn't that a conflict of interest? Don't accounting firms have a vested interest in granting SAS 70 certifications to those cloud computing vendors who can pay for them?"

Complete Story

Related Stories: