- by rbaz, Data Doctor
- 1/29/2014 5:39:45 PM
Exactly Beth. Detailed and proper assessments are not always performed or given the importance it deserves. Cursory considerations too often describes the process. We are accumulating many costly events that are forcing the cavalier to take notice.
- 1/29/2014 5:13:03 PM
rbaz, I've heard that as a best practice as well. And really, it does make sense -- why spend the money building a fortress around data if all that's need is a picket fence? In undertaking a risk assessment, companies learn about the type of data they have, how it's entering and exiting the network, and how best to protect it. Does it contain personally identifiable information or confidential company information? Is it information that's already publically available? For the former, you might apply security mechanisms that prevent that data exiting the company network. For the later, you wouldn't want to bother, for example.
- by rbaz, Data Doctor
- 1/29/2014 1:14:01 PM
Beth, I agree that data security should be given greater consideration. But the facts are that too many times it falls victim to process strimelining and cost savings measures as dispensible. I once heard the comment that the cost of data security should not exceed the value of the data to be safeguarded. I had too wonder how they valuate the data and what factors were used?
- 1/29/2014 8:31:39 AM
And, of course, the challenge gets more difficult with each new generation of hires, maturing as they are into the working world with the expectation of being always online and having access to what they when, when they want it, from the cloud.
- by Hospice_Houngbo, Prospector
- 1/28/2014 11:28:25 PM
That's a great question, Beth. I don't think there's enough awareness, except in the most risk-averse industries. And even in those, the dev guys usually find a way to get around IT safeguards.
Security culture is a huge issue, especially when you factor in the 'shadow IT' cloud engagements that don't even involve the IT department.
- 1/28/2014 11:25:44 PM
That's the quintessential use case, Jeff. And the complexities depend a lot on how things are set up from the outset. For site demand spikes, you can activate extra Web server instances on any IaaS cloud, or you can make things even easier and partner with a content delivery network provider like Akamai or CloudFlare.
- 1/28/2014 8:39:27 AM
Michael, we talk here a lot about how free and loose consumers are with their private information, easily given up for the convenience and bargains a loyalty card might afford them or some social service or another. The idea that they just as easily stockpile data in the cloud goes along with that trend. People really don't seem to think enough about their data, where it lives, what it's used for, and how to protect it. And I can see the same could be said of employees using Dropbox and the like for corporate data. This services make it so easy of putting data in the cloud they take any necessary thought about what is really at risk out of the process! Do you think companies are doing enough to guide individual employees about the use of cloud storage services like Dropbox for corporate data (vs. the checklists and guidance IT might have in place for cloud use at a higher level)?
- by Jeff, Data Doctor
- 1/28/2014 6:34:53 AM
Yeah, this makes sense. What about a case where a web site gets hit heavy for a like one day or one month a year. Like a yearly conference site. Where you use the cloud to handle peak load. And the main site runs in house on modest hardware. That would be a cost saver right? Would the complexities be justified in this case?
- 1/27/2014 10:19:01 PM
Hybrid sounds pretty good, but it's complicated to set up, and it's predicated on the idea that you have internal resources, too. So I don't know how much up-front savings it'll provide, unless you're comparing it to purchasing more on-premises equipment.