Why The Cloud Is More Secure Than Your Existing Systems
Saving the best of LASCON 2010 for last, my final session was the one I gave! It was on cloud security, and is called “Why The Cloud Is More Secure Than Your Existing Systems.” A daring title, I know.
You can read the slides (sadly, the animations don’t come through so some bits may not make sense…). In general my premise is that people that worry about cloud security need to compare it to what they can actually do themselves. Mocking a cloud provider’s data center for not being ISO 27001 compliant or having a two-hour outage only makes sense if YOUR data center IS compliant and if your IT systems’ uptime is actually higher than that. Too much of the discussion is about the FUD and not the reality. Security guys have this picture in their mind of a super whizbang secure system and judge the cloud against that, even though the real security in the actual organization they work at is much less. I illustrate this with ways in which our cloud systems are beating our IT systems in terms of availability, DR, etc.
The cloud can give small to medium businesses – you know, the guys that form 99% of the business landscape – security features that heretofore were reserved for people with huge money and lots of staff. Used to be, if you couldn’t pay $100k for Fortify, for instance, you just couldn’t do source code security scanning. “Proper security” therefore has an about $1M entry fee, which of course means it’s only for billion-dollar companies. But now, given the cloud providers’ features, and new security as a service offerings, more vigorous security is within reach of more people. And that’s great – building on the messages in previous sessions from Matt’s keynote and Homeland Security’s talk, we need pervasive security for ALL, not just for the biggest.
There’s more great stuff in there, so go check it out.