Fear, Uncertainty and Doubt (FUD) has been a factor in technology adoption since, well since forever. And that there’s FUD around cloud adoption driven by data security concerns is a no brainer. Sure, companies can go for all sorts of security certifications, but it’s unclear that accreditation will ease cloud anxiety.
Fanning the FUD flame this week was a new report (PDF here) from the Commission on the Theft of American Intellectual Property estimates that IP theft costs the U.S. economy $300 billion per year. Not surprisingly, China was fingered as the chief culprit, although Russia and India were also named as problem children here.
The panel, Reuters reported, wants to anoint the president’s national security advisor as grand poobah of a ramped-up effort to protect intellectual property. Bad behavior should be met with banking sanctions, import bans and financial blacklisting, according to the 89-page report. (In related news, former CIA Director James Woolsey this week warned that the U.S. is at risk of a cyber attack from North Korea which truly is scary. At least Chinese motives seem rational.)
Security, or lack thereof – is one big de-motivating factor when it comes to moving more corporate workloads to the cloud– or allowing employees to use their personal smartphones at work for that matter. But it would foolish for security vendors to waste a good crisis.
This week Verdasys, for example, launched an update to its managed security service to extend protection to users’ end-point devices. Expect a raft of similar offerings and updates to come.
Security guru Dan Geer says high-stakes hacking is now a way of life and the best any company can do is to mitigate, not eliminate, risk.
“If your enemy really is the People’s Liberation Army, what can you do? We can sputter about it but they’re serious and they’re good,” he told me in an interview last week. “The most serious attackers will probably get in no matter what you do. At this point, the design principal, if you’re a security person working inside a firm, is not failures, but no silent failures.”
The key is to know as soon as possible that a breach has occurred and to react fast.
Other than that, key design points are to keep things patched and to put firewall filtering both on incoming and outgoing traffic, said Geer.
Other key cloud news from GigaOM and elsewhere
It was a very busy week in cloud land. Here’s a recap of GigaOM’s coverage:
- Google cuts prices on week-old datastore
- SAP cloud chief steps down
- Joyent to Amazon: It’s on
- Skyhigh Networks gets $20M to lift IT out of the shadows
- How Amazon’s cloud competitors are trying to find cracks in AWS armor
- Dell backs away from OpenStack public cloud, steps up to Enstratius
And from around the web:
From The Guardian: Public,private or hybrid cloud.
Citrix Synergy 2013 live blog from Brian Madden.
And now, for your moment of Zen
With apologies to Jon Stewart: