SaaS, PaaS, Software+Services, and now Microsoft's Midori (next gen OS) all spark the debate of whether our data is secure in the cloud. In a Slashdot discussion, debate quickly switched from discussing Midori into the distrust of storing personal data in the cloud. A Business Week article sited security of your data #4 on its list of myths about SaaS. At some point, and some point soon, we're going to have to address the security concerns of cloud services, cloud storage and how customers know their data is secure.
Will we see a major security breach of a cloud service, such as Amazon EC2/S3, Salesforce, Google Web Engine Services or other cloud service? As critical mass builds in cloud services, those looking to exploit security weaknesses for financial gain will also shift their focus to weak points and weak services who haven't properly protected against vulnerabilities and exploits. Look at the recent DNS flaw and how much attention its garnered by vendors encouraging admins to upgrade for a fix. How many attacks have been launched during that window of confusion about which DNS systems needed fixing and whether they actually were patched or not?
There are many security impacting regulations and audits (SOX, HIPAA, SAS70) but in my view VISA's PCI is one of the most practical and thorough as it gets down to brass tacks about access control, and securing networks and servers. But unless you are processing or retaining credit card data, PCI isn't required. Do we need a national Cloud PCI type security standard? With more access, e.g. cloud, mobility, and SaaS, we'll need better, tighter and rigidly applied security standards in order to both secure data and maintain the trust of users.
It's time to begin addressing security of the cloud before the bad guys force us to do so.
Like this? Here are some of Mitchell's recent posts.
Symantec & McAfee Finally Get Run For Money
SaaS, If It Was Easy, Everybody Would Be Doing It
Another Cuil Search Engine On The Block
Microsoft Cloud Initiative Announcement Looming
Podcast/Video: Xobni & Co-Founder Matt Brezina
Is Live Search Making Headway Against Google?
Recent Converging Network Blog Posts:
Get Ready For XaaS Everywhere
Unbelievably Bad Web Password Security
Back From Hiatus, Saved by Web 2.0 Technology
It Takes a Village.. ah, actually, being there first and tons of hard work
Visit Microsoft Subnet for more news, blogs, opinion from around the Web.
Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)