Consumerization of IT–How to address this
Bring Your Own Device or Consumerization of IT are fairly hot themes in a lot of customer organizations. When I talk to customers, there are typically different reactions, once we bring this up. Some tell us, that it is not part of their strategy; some tell us that they plan to do it but that they have a hard time figuring out, how to secure such an environment; very, very ...
10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ...
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ...
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ...
Insider Threat of Cloud Computing By Roger Halbheer, on March 11th, 2010 Tonight I got this article forwarded to me: Afraid of outside cloud attacks? You’re missing the real threat. David Linthicum (the author) claimed that if you are looking at the hackers attacking “your” cloud from the outside, you are missing the real problem as the insider threat is still bigger.
When I read the article, I agreed but on the other hand I was quite surprised. The article actually tends to reduce the risks of the cloud to the hacking attack from the outside. As we know, the problem space is much, much bigger as we outlined in our Cloud Computing Security Considerations paper as did others in numerous other papers on the web.
However, there is one fundamental thing I agree with the article: When people talk about the Cloud and security they tend to forget the past. It seems to me when I read the blog sphere and article on the web like it the cloud is something completely new and the threat landscape is completely new and the risks are completely new. To me, it is “just” a variation of the theme. We had outsourcing in the past and we had virtualization in the past. Now, we combine the two, add some salt and pepper and have Cloud computing (I know that I am oversimplifying now).
I am completely aware and supportive of the fact that the Cloud is adding a lot of business opportunities – and new risks. But we definitely have to make sure that we do not forget what we learned in the last few years – the last two decades – of information security as the “old” risks – like the insider threat – do not go away because we move to the Cloud. Nor will the responsibility for securing our information being transferred to a cloud provider. And this is probably the most important thing we have to consider, when we plan the cloud.
Roger
Related posts:
- Legal Risks of the Cloud
- Hey, You, Get Off of My Cloud
- Legal Challenges of International Business and the Cloud
- How Microsoft IT does Threat Analysis
- A Conversation About Threat Modeling by Michael Howard
Leave a Reply
|
|
|
