Google's recent internal security breach is raising questions about cloud computing. While Google claims it trusts its Site Reliability Engineers, the fact is that the company does not have enough control over the employees who have access to its systems. Naturally, Google is trying to contain costs, but this is one of many areas where corporate decision-makers have to choose both their priorities and their misery. The company claims it regularly upgrades its security controls by auditing logs, but it won't define "regularly." Is it "regularly" as in daily, weekly, monthly, quarterly, annually, or "regularly" as in when there's a problem?
In my experience as a consultant between full-time employment, I can see where there are gaps. Someone accepts an assignment for three months or six months, or even two years. If the pay isn't worth his while, he is going to keep one foot on the gas pedal, ready to take off as soon as a better offer comes in. If a company relies on consultants, the hiring managers must know that there is not going to be any loyalty on the part of the contract worker. Why would there be? What Samuel Goldwyn said about a contract not being worth the paper it's printed on was a laughable remark some 70 years ago. It turns out Goldwyn was a prophet. I had a one-year contract become worthless after nine months. I wasn't singled out. At various networking meetings, I met four other victims of the same company with the same contract. And, no, we were not spying on minors or tapping into call logs. We were putting out fires.
Cloud computing isn't going away. Companies that are thinking about using it are going to have to take security measures very, very seriously. What Google's David Barksdale did was unpleasant and immoral, but it's nothing compared to what can and does happen.
For the past several years, I've worked to prevent identity theft. In order to prevent people from hacking into bank accounts and medical records so that they can get another person's name, address and Social Security number, I've installed and tested various intrusion detection systems. Sometimes a company doesn't want to spend the money on upgrades, but here's what happens. Suddenly there's an announcement that ABC Financial Corporation or XZY Bank is offering free credit monitoring to its customers "because its data may have been compromised." Now you know what they mean by compromise. And that credit monitoring is only free for customers, not for the corporation. Where are the savings? They're certainly not financial. And the company's reputation among its customers has also been compromised. There's no free monitoring for that.
http://www.readwriteweb.com/cloud/2010/09/googles-internal-security-brea.php