SaaS, PaaS, Software+Services, and now Microsoft's Midori (next gen OS) all spark the debate of whether our data is secure in the cloud. In a Slashdot discussion, debate quickly switched from discussing Midori into the distrust of storing personal data in the cloud. A Business Week article sited security of your data #4 on its list of myths about SaaS. At some point, and some point soon, we're going to have to address the security concerns of cloud services, cloud storage and how customers know their data is secure.
Will we see a major security breach of a cloud service, such as Amazon EC2/S3, Salesforce, Google Web Engine Services or other cloud service? As critical mass builds in cloud services, those looking to exploit security weaknesses for financial gain will also shift their focus to weak points and weak services who haven't properly protected against vulnerabilities and exploits. Look at the recent DNS flaw and how much attention its garnered by vendors encouraging admins to upgrade for a fix. How many attacks have been launched during that window of confusion about which DNS systems needed fixing and whether they actually were patched or not?
There are many security impacting regulations and audits (SOX, HIPAA, SAS70) but in my view VISA's PCI is one of the most practical and thorough as it gets down to brass tacks about access control, and securing networks and servers. But unless you are processing or retaining credit card data, PCI isn't required. Do we need a national Cloud PCI type security standard? With more access, e.g. cloud, mobility, and SaaS, we'll need better, tighter and rigidly applied security standards in order to both secure data and maintain the trust of users.
It's time to begin addressing security of the cloud before the bad guys force us to do so.
Like this? Here are some of Mitchell's recent posts.Symantec & McAfee Finally Get Run For MoneySaaS, If It Was Easy, Everybody Would Be Doing ItAnother Cuil Search Engine On The BlockMicrosoft Cloud Initiative Announcement LoomingPodcast/Video: Xobni & Co-Founder Matt BrezinaIs Live Search Making Headway Against Google? Product Reviews: Microsoft Live Mesh Google App Engine LiveNewsCameras.com Xobni Outlook plugin Recent Converging Network Blog Posts: Get Ready For XaaS Everywhere Unbelievably Bad Web Password Security Back From Hiatus, Saved by Web 2.0 Technology It Takes a Village.. ah, actually, being there first and tons of hard workThe Converging Network, his new blog Breast Cancer For Husbands.com, and SSAATY Security Podcast.Visit Microsoft Subnet for more news, blogs, opinion from around the Web.Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)