words of wisdom from a systems engineer

Thanks to ISACA’s San Antonio chapter!

ISACA logoI had the pleasure of speaking to ISACA’s San Antonio chapter today about cloud security. The luncheon sold out and they had some good questions for me.

Much of the questions were centered around the increased risks associated with cloud and how to store data securely in cloud environments. After going through some analogies to explain what makes cloud hosting different, I explained how the risks in cloud are very similar to the risks you face in hosting anything outside your company’s four walls. You still have to deal with a provider who potentially can access your data and the pace of cloud is much faster. I covered the “cattle vs. pets” idea and talked about treating cloud resources as large groups of servers with managed configurations as opposed to physical servers that are handled individually.

As for storing data securely, I urged the audience to analyze how a provider handles their data. For example, if you use a cloud storage solution and you’re never asked about encryption keys, a good question to ask is “who holds the key to encrypt and decrypt my data?” When it comes down to it, your data isn’t safe anywhere. Even if it’s on paper behind four locked doors, there are people who would have access to that paper at some point in time. You must understand your threats and stack up defenses to thwart the most dangerous (and probable) threats that you’ll face.

If you’d like a copy of the presentation, feel free to download it.