Information security is more than just the confidentiality needed to keep secrets. There are two more legs in the so-called CIA triad comprised of Confidentiality, Integrity, and Availability.
Confidentiality is the most important for most organizations, often because of regulatory or other formal requirements. Using the public cloud requires transferring your data into providers’ platforms simultaneously used by other customers. This perceived threat to confidentiality is often the deal breaker for would-be cloud customers.
Trustworthy cloud confidentiality is certainly possible if you maintain control of the cryptographic processes, something you can do in IaaS or PaaS settings. The second hurdle for most would-be cloud customers then becomes the availability. The concern is intensified by the distance involved. Data stored in house, why, it’s right here in the building! We can walk down the hall and look at it, or at least look at the storage array in which it resides. But the cloud is far away and we’re generally not certain as to exactly where it is.
So when I recently saw an article on line about the inevitability of cloud failures and how you cannot rely completely upon the cloud, I understood the concern.
But then I read its list of critical cloud services…
It started with an anecdote of a Microsoft Azure outage. The author wasn’t a direct customer of Azure, but as I have mentioned before, the big providers bring the raw material used to make the specialized services valuable to corporations and government agencies. We are often indirect customers of the Big Three public cloud providers of Amazon, Google and Microsoft, often without realizing it until some outage reveals the dependencies.
And what critical infrastructure had been degraded by this Azure outage? Why, online Halo 4 sessions, and some Xbox Music and Movie services. Oh, the humanity!
He went on to list other not-absolutely-solid cloud-based services whose outage can be extremely disruptive: Hulu Plus, HipChat, Pixlr, Slacker Radio, Xbox Live Karaoke, ESPN apps, and others. Yes, for the want of games and movies and TV and entertainment, the empire might be lost.
But then see how Windows 8 is marketed, with all the people dancing and twirling with their tablets on which they’re sharing pictures and movies of cute animals and picturesque vacations. Only once in a while do they swipe the Netflix icon to the side to glance, however briefly, at a bar chart.
So maybe this is what’s important to people in business, after all.
We discuss cloud availability in Learning Tree’s Cloud Security Essentials course. How your prioritize information assurance, well, that’s up to you.