The bunker scene in the movie Downfall has been adopted by many to spoof many modern events. Recently a spoof video based on the same meme has been produced by Marcus Ranum and Gunnar Petersonon Cloud Security. It is a very good and humorous spoof highlighting a number of security issues and misconceptions with moving your data/systems to the cloud.
While this video is done with much tongue in cheek it does highlight a number of key lessons that you should take on board before moving any of your data and/or systems to the cloud;
- If you application security is not good enough then moving your applications to the cloud will not make them any more secure.
- Outsourcing a security problem does not eliminate the problem, it simply moves it from your datacentre to that of your provider.
- Information security is more than complying with standards or having anti-virus installed on your systems.
- You need to ensure that the SLA you have with your provider satisfies your requirements and not that of the provider.
- Your SLA should also clearly state the roles and responsibilities for information security. The SLA should clearly demarcate those responsibilities between your service provider and you.
- Just because your competitors are moving their systems to the cloud it does not necessarily mean that cloud computing suits your requirements.
- Before moving your systems to a cloud provider you need to conduct a thorough risk assessment.
- Remember though that you should run that risk assessment at regular intervals to ensure that you are dealing with the most current risks to your data.
- You need to review your incident response capabilities to ensure you can react to a security breach impacting your data and/or systems that are hosted in the cloud. Remember your clients or shareholders won’t care who you outsourced their data to, your company will still take the blame and bad press.