The Cloud: Do your Homework

So this raises the question.  How scared should the average business owner be about moving to the cloud?  Of course it’s a complex question.  If you look at it completely academically, you’ll need to value assets, calculate risk and all the rest.  But let’s cover a few practicalities here.

It’s very common for small businesses (and some large ones) to have an attacker inside their systems for months if not years before anyone notices.  When they do notice, there is seldom a competent forensic investigation to determine what has happened and for how long.  Actually, what usually happens when there is a security incident is the sysadmin or IT provider does his/her best to patch it up and move on.  

So would you rather have someone directly inside your systems, or just have a bit of your data in a large pile of other data that a random person may or may not ever go through or use against you? Don’t get me wrong, I’m not saying “a compromise is going to happen anyways so don’t worry about it”.  What I am saying is that you have to evaluate how critical your data is, and how much you want to protect it.  If you are really worried, build your own solid protection mechanisms.  If you aren't worried, then why would the cloud worry you any more or less?

While I predict there will be several large scale cloud compromises in the next year, the usual attitude of “I don’t need security, nobody would target me, and security consultants and products are too expensive” won’t position you any better.  If you are using security as a reason not to move to the cloud, make sure you’re doing it better.

Somehow, given the aforementioned rationale I doubt most businesses a capable of doing it better. Look closely at your data and how much it means to the bottom line. What if your database were wiped tomorrow and your backup failed. I imagine heads would roll if not total business collapse. 

Bottom line.....do your homework and have people that know the total picture advise on the best course of action.