The bunker scene in the movie Downfall has been adopted by many to spoof many modern events. Recently a spoof video based on the same meme has been produced by Marcus Ranum and Gunnar Petersonon Cloud Security. It is a very good and humorous spoof highlighting a number of security issues and misconceptions with moving your data/systems to the cloud.
While this video is done with much tongue in cheek it does highlight a number of key lessons that you should take on board before moving any of your data and/or systems to the cloud;
If you application security is not good enough then moving your applications to the cloud will not make them any more secure.
Outsourcing a security problem does not eliminate the problem, it simply moves it from your datacentre to that of your provider.
Information security is more than complying with standards or having anti-virus installed on your systems.
You need to ensure that the SLA you have with your provider satisfies your requirements and not that of the provider.
Your SLA should also clearly state the roles and responsibilities for information security. The SLA should clearly demarcate those responsibilities between your service provider and you.
Just because your competitors are moving their systems to the cloud it does not necessarily mean that cloud computing suits your requirements.
Before moving your systems to a cloud provider you need to conduct a thorough risk assessment.
Remember though that you should run that risk assessment at regular intervals to ensure that you are dealing with the most current risks to your data.
You need to review your incident response capabilities to ensure you can react to a security breach impacting your data and/or systems that are hosted in the cloud. Remember your clients or shareholders won’t care who you outsourced their data to, your company will still take the blame and bad press.