I’ve been talking a lot with clients lately about security and the Cloud. These issues aren’t new, but something came up in conversation that has been resonating with me for days. As with most interesting ideas, it is pretty simple. The bigger and more well-known your organization is, the higher the likelihood is that someone dislikes you (for whatever reason) and will try to mess with you. This is acutely true in our industry where security is the name of the game and hackers take pride in sticking it to the corporate juggernauts who claim their systems are impenetrable.
A perfect example is the great Sony network hack from earlier this year. Despite the damage to Sony’s credibility, very few people profited from any stolen secrets on this job … it was likely just mischief for the sake of bragging rights. That is often the case with hackers and online saboteurs. It is reasonable to suppose they did it just because Sony is huge and they wanted to prove they could slay a giant. This phenomena raises an interesting paradox: nearly every organization wants to grow and increase their visibility to the public in order to get new clients and customers. However, you may reach a point where the shady characters start to take notice and you become a target.
Now, for nearly every client IT Weapons has, this isn’t a worry worth considering directly. Only a select few large organizations end up as targets for online anarchists and mischief makers; and we all know who they are. So by all means, keep up your marketing and your PR efforts. However, the problem is that there are several large technology companies (ahem … large Public Cloud Providers) that are clear and likely targets for online sabotage – whether it is motivated by political, economic, or juvenile interests. And these guys want your business; they want you to trust them with your business-critical apps and data.
To my mind, this kind of risk should make you stop and think carefully about trusting critical pieces of your business to a Public Cloud Provider … Simply put, by trusting your technology to them, you are assuming part of their risk … you are (potentially) collateral damage in an online David and Goliath story.
These stories are romantic … but only from the sidelines. When it comes to business, I don’t want to be David or Goliath … I want to be the guy watching safely from a distance.