The recent breach of the Sony PlayStation Network calls into question the security and reporting practices of cloud vendors and suggests greater diligence in reviewing their service-level agreements.
Written by Carol Woodbury
Editor's Note: This article introduces the Webcast "Coffee with Carol: Security and the Cloud—Blue Skies or Major Storm" available for free download from the MC Webcast Center.
Is the cloud a security storm waiting to unleash its fury or sunny skies that will make you relax and relinquish all of your security cares? The recent breach of the Sony PlayStation Network created headlines, and when the dust settled, it turned out to be the second-largest online data breach in U.S. history. The fact that the attack on Sony was launched from a "public cloud" brings into question the security policies and reporting of cloud vendors.
The public cloud vendor in the Sony case is facing subpoenas and will likely have to produce records, including a history of transactions, and provide information to trace who had access to the specific Internet address at the time.
Cloud security comes down to understanding security configuration, policies, record keeping, and what service level your cloud vendor is providing with its cloud solution. Keep in mind this isn't just about technology. There are many aspects that must be included in the service-level agreement when you consider a cloud solution.
as/400, os/400, iseries, system i, i5/os, ibm i, power systems, 6.1, 7.1, V7, V6R1, SkyView Partners