Discussion on:
View:
Show:
I assume that you have tested the tools mentioned in the post. How did you prove that they are effective when it comes to security -- the encryption tool for example?
I tested some (but not all) of the tools. Some I mentioned only for comparison. I tested the encryption tool with some simple tasks, such as taking snapshots of the disks and mounting them on other servers and so on. I did not, however, go into deep detail or really challenge them. As I mentioned in the post, I don't think they'll ever be as effective as keeping everything internal, but they are "good enough" for many application scenarios. There are always going to be problems, however: if people create servers with all ports open in the public internet and "password" as the password for the admin account, no ammount of encryption is going to save their data...
if the cloud service providers are going to offer their services in other countries and provide ironclad evidence of a company's data being stored at ONLY the sites in that country. This is big one due to the various laws on privacy and data storage in some countries. The moving of the data off-shore is unlawful and a major breach of the privacy laws in some countries.
Another aspect is the differences in the laws between countries and the security of the data when stored elsewhere. An example of this is data stored on a server in the USA could be inspected by US law enforcement while looking into a case against another company using the same data storage service. The data could get compromised and then all hell breaks loose as they try to decide who's at fault. We've already had an example of this type of problem with the MegaUpload case.
It's these types of security issues that really worry a lot of IT and management people around the world. It may not be such a big worry for the USA companies, but it is for non-US companies.
Another aspect is the differences in the laws between countries and the security of the data when stored elsewhere. An example of this is data stored on a server in the USA could be inspected by US law enforcement while looking into a case against another company using the same data storage service. The data could get compromised and then all hell breaks loose as they try to decide who's at fault. We've already had an example of this type of problem with the MegaUpload case.
It's these types of security issues that really worry a lot of IT and management people around the world. It may not be such a big worry for the USA companies, but it is for non-US companies.
and this is why many solution providers are partenering with existing infrastructure providers to be able to run in as many countries as possible. There is also another problem, which is the other side of the issue you mentioned: storing data in other countries can actually help to hide criminal activity, by stopping law enforcement from being able to reach data for investigation, for instance. This is one reason why some governments have strict laws against moving data off-shore. And some service providers can make the issue even more complicated: a service could operate in one country, store encrypted data in a second country, and store the decryption keys on a third country.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
