Where Will the Buck Stop in Cloud Security?

Tuesday, May 15, 2012

Jayson Wylie

54a9b7b662bfb0f0445d1661d7ed180b

My mouth would water on business proposals coming across my desk that had lots of cost savings analysis work shown if certain things were outsourced to a Cloud solution.

The old saying “You get what you pay for” may or may not be in effect, but I surely don’t know what is in effect when signing off your business functions to a third party.

Historically, firms used outsourcing in many different ways, but most of the work would be performed on-site or by software used in-house with collaboration and corrections driven by the business.

I have stated that I haven’t been involved in closing a contract to allow business functions sourced from the Internet. I have been hopeful to find a great service provider, but I think I see the direction of this road.

Exposure. Risk and threats may be better termed and considered in the security minds, but exposure is another little brother who needs to be heard.

There are many independent CPAs who do work for their clients, and that information is sensitive or not publicly available.

A move to store their tax data in the cloud comes from a desire to be able to be stored off-site reliably. Sounds like a sound IT move.

The CPA's clients will first take it up with the accountant if the sensitive data becomes public.

The accountant will go to the provider, and the provider will refer to the contract that may remove any accountability towards their requirements for compliance.

What can the clients and/or companies do?  I see that they are going to have to get Cyber Insurance like those for other uncontrolled events that homeowners use.

I surely don’t want to see the main outcome of security and data breaches become lengthy litigation between all involved when the victims are at the bottom of the pile.

If security boils down to he who has the best law team, the direction of security will have an approach of least exposure to litigation versus Cyber threats. This does not settle with me as a valid security driver for improving security posture.

Possibly Related Articles:
10446
Cloud Security
Service Provider
Cloud Security Risk Management Outsourcing Managed Services Third Party Liability Service Level Agreement vendors exposure
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.