Skip navigation

Tag Archives: audit

The Cloud…Does it Matter?

Ok, First I want to say people are over exaggerating on the idea of the cloud and its technology. My definition of the cloud is as follows.

“The Cloud and its technology behind it is a very simple definition but complex network of machines, this can be software as a service to the user in a web site GUI or even just a file transfer service. If you have a network of machines in one location or multiple and with one interface for its users, that can be a cloud interface. Its just a service. It can be used via application on your desktop to any protocol or service type. The main way to access the cloud is via a web GUI.”

That is my definition of the cloud. I do not know why people are in a big storm of is the cloud safe? How secure are their network? What compliance do they have on their servers? The list goes on. Ok, it is as safe as going to any site was before but now they have a bigger infrastructure. I think you should never rely totally on the cloud for your data or especially personal or important. Their were many cases when people lost their privacy, data and more to the cloud. I think it is a good alternative backup solution to store your photos or stuff but make sure its in some encrypted rapper. Also make sure you keep to the 3 step backup solution when you are backing up data. Step 1: Keep one on a portable media device preferably a DVD and make new backups of old data every few years just in case it gets damaged, stolen. Step 2: Keep one local for editing prosperous, and a good place if your backup on a media is loosed, damage or stolen. Step 3: You should use the cloud, make sure you have control of the key, encrypt you data then send it to the cloud service that you trust and is known like Carbonite found at http://www.carbonite.com/.If you listen to any of www.twit.tv shows you may get a discount.

So, I think that they should have a normal audit every few months that will do a vulnerability assessment and even better a pen tester to tell you if he/she could get in and how to fix it. They should have tools to monitor traffic on their servers and any unauthorized access should result in termination on access, logged and contact the authorities if necessary.

Advertisements