I've been trying to avoid commentary on "Cloud Security"... but apparently I can no longer hide. A colleague of mine, Joe Dibiase sent me a link to the article off BreitBart.com regarding the recent Google snafu which exposed some documents from their cloud repository. The issue isn't one of Google's ability to secure their gargantuan globally-distributed environment, and it's not even about the meager .05% (or so they claim) of private-turned-public documents that were exposed.
No, the over-arching issue here is that companies continue to think it's a good idea to stuff private (and in some cases extremely private (a la PII)) data into "the cloud". Let me cut off the comment before it formulates in your brain now, I am fully aware of the power of leveraged infrastructure, cost and efficiency savings and such. The problem doesn't lie in the theory ladies and gentlemutts... it's the execution. Cloud Computing with associated storage models, looks brilliant on paper, and if executed well it can be truly special. The problem I'm having as I look over these issuse is that this all relies on people to execute well... fail.
Here's my break-down... feel free to criticize, comment... constructively.
- Leveraged cost-model (shared infrastructure)
- Global diversification of infrastructure (fault tolerance)
- Decreased waste of processing cycles (less idle hardware all over the world?)
- Availability (not the same as fault-tolerance)
- Epic failure is one mouse click, shell script, or configuration error away