[Info-vax] The new world that VMS will be living in

[Arne Vajhøj]

On 12/7/2020 9:18 PM, Bill Gunshannon wrote:
> On 12/7/20 8:25 PM, Arne Vajhøj wrote:
>> On 12/7/2020 8:05 PM, Bill Gunshannon wrote:
>>> Now, we all know how tightly protected the VMS Customer List has
>>> always been.  With The Cloud you put it on another persons machine
>>> under their control and relying on their security.  If it gets out
>>> nothing can ever make it secure again.
>>
>> Are you concerned that Amazon, Microsoft, Google etc. will
>> get a list with 10-25% of VMS customers based on who runs
>> VMS in their cloud and the list will leak??
> 
> Not Amazon, Microsoft or Google.  But how about that third shift
> operator who thinks he should be earning a lot more than they pay
> him?

What about him?

He will likely only have access to a small fraction of those
10-25%.

> And I was using the idea of VSI moving to the Cloud and thus
> having their entire customer list in someone else's hands.
> A theoretical example.  But it applies to pretty much any
> major business and most minor ones.

Ah.

They will not put it in their cloud providers hands
unless you assume that cloud provider has broken AES.


>>>                                     Now, tell me, what exactly
>>> has any Cloud Provider done to make me want to trust them?
>>
>> Driven successful business for many years will convince
>> many.
> 
> Many years?  Guess it depends on what you consider The Cloud.
> Some papers say Mainframes were the Cloud back in the 60's.

That is a huge stretch. So much that I don't think
it makes much sense.

>>> And that's only one aspect.  How about reliability?  How long can]
>>> your business run if your Cloud Provider goes down?
>>
>> How long can they run if their own data center goes down.
>>
>> Same.
> 
> Yes, but if they have their own facilities they can ensure the
> means to continue operations (spares, COOP Site, etc) exist.
> Can the same be said (with any real trust!) about the commercial
> Cloud sites?

The big cloud providers have millions of spare servers
and hundreds of locations world wide.

Way more than any corporate IT department has.

>             And then we have something as simple as loss of
> communications.  If you keep your datacenter on your own
> premises the responsibility and the control is in your hands
> and not in the hands of someone you may trust, but actually have
> no reason to actually trust.

The modern economy to large extent rely on some sort of trust.

>>> And the list goes on and on.  If anyone did real Risk Analysis
>>> before moving to the Cloud no one would.
>>
>> You don't think Deutsche Bank did a risk analysis??
> 
> Sadly, my experience from when I was still doing this commercially
> leads me to think that if real risk analysis was done it is very likely
> that the conclusion was established before the actual analysis.

If they did not do a proper risk analysis, they would be toast
with internal auditors, regulatory auditors, other business'es
auditors.

Arne