[Info-vax] Cloud Security - 68M accounts hacked on Dropbox

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Fri Sep 2 13:28:47 EDT 2016


On 2016-09-02 15:26:10 +0000, Kerry Main said:

> While security implementations are important, the big issue, imho, with 
> outsourcing is loss of control over security and data management POLICY.

Breaches can and have happened when organizations are in compliance 
with policies, and when not.

Best to plan on those breaches happening, and to work toward mitigating 
those, and whether the servers involved in-house or outsourced, staffed 
by employees or contractors, or some combination.   Between phishing 
and ransomware, more than a few organizations have lost their data, 
after all — whether in-house or not, policy or not, etc.

> As I stated in my previous response, I agree there are pro's and con's 
> with outsourcing but these have been debated back and forth for 
> decades.  There is nothing new about this.
> 
> Typically-
> 
> If IT services provides part of a company's strategic competitiveness, 
> then it makes sense to manage those components internally (aka private 
> cloud/shared services).
> If IT services does NOT contribute to a company's competitive 
> advantage, then it makes sense to at consider outsourcing (aka public 
> clouds).

Most places use both.   Either explicitly or — for better or for worse, 
or variously for both — via shadow IT.     IT services can and must 
deal with both.

As for Dropbox, there's no easy way to use OpenVMS to get anywhere near 
what Dropbox provides users.   Short of rolling your own stack.    Then 
you have to fund and maintain and upgrade and secure all that, too.   
Welcome to added costs, and quite possibly to undifferentiated costs, 
the bane of more than a few IT organizations.

> Since joining GM in February 2012, Mr. Mott has reduced the automaker’s 
> reliance on third-party vendors by bringing most of its IT work in 
> house. “Because we brought the [information technology] work back 
> in-house, we can take the lid off of what is possible,” Mr. Mott told 
> the Journal."

The GM execs that were responsible for sending IT out the other way 
undoubtedly made similar comments back when the outsourcing occurred, 
around whatever they were optimizing for, too.  Business needs change, 
after all.



-- 
Pure Personal Opinion | HoffmanLabs LLC 




More information about the Info-vax mailing list