Thursday, June 9, 2011

Some Think Cloud Security Superior to In-house Data Centers

For some in-house data centers,
the data horse has already left the barn!
Randy Davis, VP eGistics

I just attended a panel discussion Webinar titled, "Ready for Cloud Storage? Key Considerations and Lessons Learned,"  hosted by SNIA, Cloud Storage Initiative.

The panel included Kipp Bertke, Manager of Infrastructure & Operations at Ohio Department of Developmental Disabilities; Ajay Chandramouly, Cloud & Data Center Industry Engagement Manager at Intel; and Nathan McBride, Executive Director of IT at AMAG Pharmaceuticals.

The discussion was meaty and substantial (you can find it here:, but the comments by McBride were downright breathtaking. I would say that he and I had been reading the same articles, but his comments were based on hard-earned experience rather than ivory-tower theorizing.

I was so impressed with his views that I am going to quote him as best I can, and quite extensively, in this blog entry.

The following comments from McBride are in response to my question, "Are cloud security concerns qualitatively different than those for on-premise solutions?" Although the question was misinterpreted to mean security differences between public and private clouds, rather than between cloud solutions and in-house (non-cloud) solutions, McBride's answer was spot on.
“Security is always a concern of mine. It brings me to questions I have to ask myself, and they are 'What is the best possible data center I could build? What’s the most amount of security I could put into it, and how much would that cost me?' I realized that the cloud storage vendors I selected had spent five times that much, or a hundred times that much, to build their data center. So there’s nothing I can do that would even come close to the security offered by my vendor for a low service cost.”
Then he addresses the trust issue head on. Can you trust cloud storage service providers?
"People say, 'Well, what about the people at the data center that is hosting your data? Do you trust them?' Well, I trust them just as much as I trust my own IT employees. The only way you can ever be secure is to remove people. Since I can’t remove people from the equation, I have to trust that at a certain level the companies I want to do business with want to keep doing business with their customers, so they’re going to employ best methods, best practices, and the best people to manage my data. And I don’t just trust that. I also verify through SAS70 certifications, on site audits, things like that. But I do feel comfortable and secure knowing that the companies we are doing business with have employed security practices that far exceed anything I could manage to put together."
McBride went on to discuss some of the data leaks common to in-house data centers, things like non-secured flash drives, data that is copied to dozens or hundreds of PC hard drives, data sent to casual, personally controlled file storage services such as Sky Drive and Google Docs, and so on. His point is that you have to consider the real risks, costs and vulnerabilities of in-house data center management, and realize that, for most companies, it's no Fort Knox for data. On the other hand some cloud storage service providers have gotten real close to Fort Knox-like security.

This Webinar is worth your listen.

No comments:

Post a Comment

We welcome your comments and expect that our conversation will follow the general rules of respectful civil discourse. This is a moderated blog, and we will only post comments from bloggers 13 years or older that relate to topics on the CloudDocs Blog. We strive to review comments for posting within one business day. You are fully responsible for everything that you submit in your comments, and all posted comments are in the public domain. We do not discriminate against any views, but we reserve the right not to post comments. We do not post comments that are off-topic, spam, or overtly self-promoting.