Say that again and I’ll kick your SaaS

Software as a service (SaaS) and cloud computing and cloud storage and
other “aaSes” are all the rage these days.  The cloud is going to force
security pros to revisit policy and value.  We have to make the case of
why we have specific policies and why those policies apply to certain
data and applications.  Otherwise biz units will throw apps and data up
to the cloud willy-nilly to grab the cost savings.

My buddy Kevin Richards at Crowe Horwath said, "Nobody really cares about “securing the cloud” – outside of the security industry anyway.  In that way, it’s the same as security in general.  Security is not the point.  It’s not our job to secure the cloud.  We have data and applications all over the place.  Some are running on this network segment, some on that.  Some are in this data center, some in that one.  Some are outsourced, or off shore, or cloud based like SaaS."

  1. June 17, 2009 at 11:20 am

    You dropped the rest of my sentence, which was, “… it is no different than any other data protection – we have to protect data regardless of where it ‘lives’ – on a disk farm, on a laptop, or ‘in the cloud’…” 🙂

  2. June 30, 2009 at 8:43 pm

    I seem to hear people recommend cloud computing all the time lately. You and Kevin are right – the data needs to be secured where it lives – easier said than done. I wish more people thought of that before happily wafting all their bits and bytes up into the air, but nothing has changed much except for the scope of the security problem.
    Then again I’m paranoid enough that I can’t quite convince myself to use google for syncing my various devices, even though others urge this method. I suppose one of these days I’ll give it up and use it because it makes life easier – then I’ll be constantly waiting for something to go wrong. Heh.

