[Info-vax] Cloud Security - 68M accounts hacked on Dropbox

Fri Sep 2 11:26:10 EDT 2016

> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On
> Behalf Of Stephen Hoffman via Info-vax
> Sent: 02-Sep-16 10:54 AM
> To: info-vax at rbnsn.com
> Cc: Stephen Hoffman <seaohveh at hoffmanlabs.invalid>
> Subject: Re: [Info-vax] Cloud Security - 68M accounts
> hacked on Dropbox
> 
> 
> TL;DR: are there advantages to running your own servers
> and your own
> infrastructure?   Sure.   There are other and equally good
> reasons not
> to run your own, too.   And I'll bet there'll be more than a
> few
> OpenVMS x86-64 boxes hosted by outside providers,
> once native boot and
> VM support is available.   Computing serves the
> organization.  Where
> it's a competitive advantage, IT will be held more closely.
> Where
> computing and IT is little more than infrastructure, there'll
> be
> financial pressures to outsource.  Learn from the mistakes
> of Dropbox,
> and the mistakes of others including those folks that have
> privately
> hosted services on OpenVMS.
> 

While security implementations are important, the big issue, imho, with outsourcing is loss of control over security and data management POLICY.

See my last response.

[snip..]

> 
> Needs vary.  Budgets vary.   Implementations vary.
> Decisions
> secondary to trade-offs vary.   Are there risks with both
> hosted and
> private?   Sure.   YMMV.   Etc.
> 

As I stated in my previous response, I agree there are pro's and con's with outsourcing but these have been debated back and forth for decades.  There is nothing new about this.

Typically-

If IT services provides part of a company's strategic competitiveness, then it makes sense to manage those components internally (aka private cloud/shared services). 

If IT services does NOT contribute to a company's competitive advantage, then it makes sense to at consider outsourcing (aka public clouds).

Good example - over the last decade or two, GM had outsourced most of its IT organization to approx. 5+ different vendors. Back in 2012, GM hired Randy Mott (former HP/Dell/Wallmart CIO) to bring most of GM's IT back in-house. 

http://blogs.wsj.com/cio/2015/06/12/dun-bradstreet-appoints-gm-cio-randy-mott-to-its-board/
"More boards are seeking out CIO expertise as analytics and mobile strategy become core to the business and cybersecurity concerns continue to make headlines.  Last year, Facebook Inc. CIO Tim Campos was named to the board of network optimization firm JDSU Corp. Mark Potter, CTO of Hewlett-Packard’s Enterprise Group, was named to the board of directors at Solarflare Communications Inc. Intel Corp. CIO Kim Stevenson joined the board of Cloudera Inc.

Since joining GM in February 2012, Mr. Mott has reduced the automaker’s reliance on third-party vendors by bringing most of its IT work in house. “Because we brought the [information technology] work back in-house, we can take the lid off of what is possible,” Mr. Mott told the Journal."

Regards,

Kerry Main
Kerry dot main at starkgaming dot com