Ad 1. If we could ensure specific code of the cloud/apps services, we could audit them and make sure they e.g. don't let service providers to access our data.
On point! However, there is one huge advantage: large providers (ex. Microsoft) can provide security safeguards & testing on levels smaller firms can not.
I would argue that most firms, regardless of size, can’t provide security to the extent a major cloud provider does
I'd clarify that, though. The cloud provider is securing their bit. If you spin up an instance it's entirely down to you to secure it.
Certainly so. They are only securing what they are responsible for. Everything else is the customer’s responsibility. Many people get that wrong, as we have seen
Definitely and same. I’ve worked with clients to remind that while the cloud offers more physical and technical security, admin controls and following secure data practices are on them.
But if you are in a colo, much of this still applies.
Yes, the #2 and #3. I'm not pushing for "let's go back to colo our own servers", btw ;)
Why colo? Modern business or even residential fiber has more bandwidth than the vast majority of servers need to host on-site without being affected by #1 & #2.
What keeps people from doing this is the lack of well-known trusted software to set it up and maintain it without trusting a third party (or additional employee(s)) with access.
I can't speak for others but what's stopped me from doing this at my org is that building a proper data center - security, power, climate, fire suppression, etc. - and doing it right, is an expensive proposition
A normal org can run all its infrastructure on one modest physical box. No special power or climate needs.
While you're correct about the small amount of hardware needed, I disagree about the power requirements. Unless you're comfortable with downtime, independent, redundant power systems are a necessity. So at the very least mains backed up by a diesel generator with auto switching.
Or just a standard UPS with 10 car batteries wired up in parallel in place of the low-capacity SLAs it came with.
Also legal jurisdiction problems
Exactly. Some professions (medical, financial and legal, for example) that deal with very sensitive private customer information have strong regulations that don't allow this kind of data to be stored at third-party locations or offshore.
There are plenty of data sovereignty laws around the world, but I'm not aware of any that preclude the use of third-party providers. Do you know of any?
I used to work in a billion-dollar org that allowed us to use AWS so long as they were EU locations. You can't move personal data to a legal jurisdiction that provides less protection than where it came from, so EU user data had to stay in the EU.
That is a pretty common misconception. The entity in the other jurisdiction needs to agree to properly handle such data via model clause agreement or binding corporate rules, and under GDPR must be disclosed to customers. It’s a hassle, but not prohibited.
And this is why I enjoy talking to people who know more than I do: I often learn useful stuff from other people’s experiences. Thanks to both of you.
Twitter is a great place to learn. I have learned things and met people and made friends that I would have never otherwise had the opportunity to.