Server Security in the Cloud

Sunday, July 03, 2011

Simon Heron

A88973e7d0943d295c99820ab9aeed27

There was an interesting article in the NYTimes passed to me by our USA CTO. 

It makes you think about putting data in the cloud, as when your data is “in the cloud” there is the clear and unmistakable risk that you could be sharing resources with not-so-ethical companies who may suddenly end up under investigation. 

And your data may end up being seized in the course of an investigation, without your knowledge. 

Suddenly, you lose your server, you lose your data, your website goes offline without notice and without reason, bringing business to a halt. 

If you are an online merchant that is of course especially damaging but for anyone putting their business in the cloud, this is reason for great concern.

The investigation in question is supposedly related to the Lulz hacking group.  This investigation is being conducted in conjunction with European authorities. 

So the data and servers that were confiscated could become part of an investigation your company has no reason to be involved with at all.

When you approach the cloud, you need to think about these risks:

  • What data do you put in the cloud
  • Where are you actually putting it
  • Who are your neighbours and
  • What happens to your servers and especially your data in situations like the one described here

Your management may well want to be in on this decision!

This is not the first time that the FBI or other investigative agencies have done something like this. 

If they continue operating in this manner, with an apparent disregard for the issues caused to the other, innocent, companies hosted in the same or even adjacent servers, they may end up causing a damage to the cloud in itself. 

The result could be that more and more companies reconsider their options and decide that hosting that server in house is still the best option after all, even if it is more costly.

Cross-posted from Redscan

Possibly Related Articles:
13999
Cloud Security
Service Provider
Cloud Security Vendor Management Business Continuity Managed Services Third Party Data Center
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.