Cloud Computing: Real Rewards / Real Risks

I logged in one morning and had an email with the headline:

“CUSTOMERS OF MAJOR BANKS AND RETAILERS ARE BEING WARNED OF MASSIVE EMAIL HACK”

“A recent data breach at Epsilon, the world’s largest permission-based email marketing provider, has affected clients of many of the largest banks and retailers in the US including; Capital One, US Bank, Citi, Kroger, Walgreens and Target…just to name a few. These companies have now begun warning customers that their email servers have been breached and that customers’ email addresses and names have been compromised. “ (excerpt)

I am familiar with most of the brands listed above, except of course of Epsilon. Apparently, all of the brands I trusted with my “information” in-turn trusted Epsilon. It must have made good business sense to outsource op- in email. The problem is that Epsilon as it turns out cannot be trusted.

Prior to receiving this email, my wife and I planned to sign up for a new customer loyalty card from one of the affected brands. But not now. I wonder what this mess’s cumulative impact will be on customer loyalty, brand equity and, corporate profits?

Cloud Computing offers a ton of benefits, but as this data breach demonstrates it also exposes you to a ton of risk. I recently sat in on a Webcast that highlighted some strategies for structuring a cloud-computing contract to manage that risk. MSPTV hosted the presentation and it featured David Navatte, and Richard Santalesa of the InfoLawGroup.

I think they did a good job of covering how you can protect yourself from legal issues. But while I was listening, it got me thinking about a recurring conversation I have with business owners about security.

In my opinion, network security is a balancing act that is levered to the two questions, “How much time and money are you willing to devote to keeping a hacker out? And How much time and money is a hacker willing to devote to get in?

The hackers opinion of the asset’s (data, technology, etc.) value is key. If the target is big bank, it is likely the asset is highly valued. If the target is a small business, it may be less valuable.

As such, a reasonable small business security strategy needs to attempt to make its network more of a hassle to breach than its worth. The goal should be to make it easier for the hacker to simply move on to the next less protected network than to hassle with breaching yours.

If I extend this idea to cloud computing an undiagnosed risk emerges. Because of their scale, big clouds like Gmail / Google Apps, provide many features for a low per / user cost. But with every new customer, they become more and more attractive to hacking and other malicious behavior. By comparison, a local cloud provider may cost a little more, but it presents a much less attractive target. That’s if the local provider is on the hacker’s radar at all.

I think that Cloud Computing is maturing, but I still think this concept is in its infancy. As such, the benefits and risks warrant a serious evaluation before any kind of commitment. If you’re considering this technology and would like to leverage Endsight’s experience, click here and let’s schedule some time to meet and talk. Contact Endsight