In This Issue
Week of 9/18/2017
Vol. 22 Issue 34
FEATURE: Securing the Cloud
- The Mega Hacks
- Protecting the Cloud
- The Industry Speaks: Uh-Oh
Quotes of the Week
Upgrades and Numbers
- NK and CRINKS
- Case History: When China Can’t Hack Your Secrets, It Does This
- China Ramps Cyber Attacks on UK Universities
- Minting Money in the Cloud
- The Well-Trained Chinese Spy’s Must-Have Travel Kit
I remember the first time I attended a meeting of global CIOs who were considering moving their operations to “the cloud,” back when old hands were still saying things about it like: “Remember Client-Server?”
The idea of using “master and slave” computing was not new, nor was the idea of having a data center. What was new was the idea of putting your company’s important stuff on someone else’s data center. To that end, terms like “big data” and “cloud” were mocked by those same veterans. I won’t name them, because today they spend all day every day selling cloud-based services in analytics.
In that early CIO cloud discussion, the near-unanimous opinion from the F500 crowd seemed to be setting the stage for the next decade in what vendors would later call “hybrid cloud” – putting the crown jewels on the company’s own data center, and putting high-load / low-secrecy stuff on the cloud. In fact, even this approach took a while to catch on, with most enterprise shops doing the wait-and-see dance.
One of the dirty little secrets that described these early years of cloud leader Amazon Web Services came directly from this situation, as a rather stunning majority of users were startups and some SMBs (small and midsize businesses). New companies such as Piknik didn’t care (or appear to) so much about security, when compared with the AWS advantage of being able to do sudden volume ramp-ups for holidays.
The F500 folks stayed out, for security reasons.
Today, perhaps a decade later, most enterprise participation in cloud computing remains on the hybrid side, which clearly explains the move by vendors such as Oracle to offer seamless movement between public and private clouds. Most cloud vendors are moving to this, or trying to (it’s hard), or at least selling it.
The obvious lingering question in the minds of all global corporate CIOs (and CSOs, and CEOs) is: Is the cloud secure?
To this end, it’s interesting that news of actual cloud hacks is hard to come by. The reasons could be at least twofold:
- a. There have been no cloud hacks; or
- b. Vendors that have had their cloud hacked don’t dare announce it in public, despite the SEC risk, placing the market risk even higher.
Frankly, I’m going for (b).