

To encrypt data prior to storing it in the cloud, businesses can use a zero-knowledge service or encrypt their files before uploading them. Encryption prior to cloud storage is a wonderful idea.

Until regulatory authorities become more aggressive and empower plaintiffs' attorneys to pursue significant remedies for the damages sustained as a result of such practices, we will continue to see more of the same. Self-reporting obligations are ineffective in organizations led by those lacking a properly functioning moral compass. It has been said that transparency of governance accelerates trust, yet many businesses and cloud providers refuse to be more transparent about their information security governance practices. The GIGO effect remains alive and well when its fire is stoked by the impatient, lazy and incompetent. I have seen too many lift-and-shift scenarios that did not bother assessing their business processes and requirements prior to conducting a lift and shift. Those businesses who are alleged to be saving millions by moving back to physical data centers probably failed to define the proper requirements and controls prior to their initial move to the cloud.

It is highly unlikely companies are going to abandon their strategies of becoming more cloud-centric when significant investments have been made to migrate to platforms that provide the speed, ease of use and utility that businesses require. As nice as it may feel to call out mistakes and say, "I told you so," we all know this sour-grapes approach does not solve the problem. Those of us who know better understand that security must be specified from the beginning while documenting requirements. For decades we have witnessed vulnerable software get brought to market because the development teams often operate under harsh deadlines and the illusion that security can be sprayed on later. That said, security has always had to battle to find a balance between ease of use and functionality. Factor in items such as corporate vaults, single sign-on and BYOD, and the parade of horribles and potential bad outcomes expands significantly when additional compensating controls are lacking. Who can physically access the data and where it resides were always two major questions in my mind. The simple logic is that once you give up custody of your data to a computer system owned and managed by someone else, you give up oversight of the physical security of that system. I used to think the cloud was a bad idea too.
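The encrypt-before-upload approach suggested in the opening paragraph, as an added illustration that is not part of the original post: the client seals each object with AES-256-GCM under a key the provider never receives, and binds the object name as associated data so that a blob copied to a different path, or modified in storage, fails authentication on download. The object names and sample content are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newAEAD builds an AES-GCM cipher from a 32-byte key that stays with the client.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealForUpload encrypts plaintext before it leaves the client. The object name is
// passed as associated data, so the ciphertext only opens under that same name.
// The stored blob layout is: nonce || ciphertext || GCM tag.
func sealForUpload(key []byte, objectName string, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(objectName)), nil
}

// openFromDownload verifies and decrypts a blob fetched from the provider. Any change
// to the stored bytes, or a mismatch between the stored name and objectName, is rejected.
func openFromDownload(key []byte, objectName string, blob []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("blob shorter than nonce")
	}
	return aead.Open(nil, blob[:ns], blob[ns:], []byte(objectName))
}

func main() {
	key := make([]byte, 32) // client-held key; the cloud provider only ever sees the blob
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	blob, _ := sealForUpload(key, "backups/2024/ledger.csv", []byte("constructed sample content"))
	pt, err := openFromDownload(key, "backups/2024/ledger.csv", blob)
	fmt.Println(string(pt), err) // original content, <nil>
	_, err = openFromDownload(key, "backups/2024/other.csv", blob)
	fmt.Println(err) // authentication failure: blob was bound to a different object name
}
```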
