[Info-vax] The new world that VMS will be living in

David Wade g4ugm at dave.invalid
Tue Dec 8 14:40:04 EST 2020 

>>
>> Or?
> 
> Do you even follow the numerous news reports on data breasches?
> The data is almost never encrypted.  Moving it to The Cloud is
> not going to magically encrypt it.
> 

Almost all Banking data needs to be encrypted at rest, which is why IBM 
brought in "Encryption at rest"

>>
>>>>
>>>> And assuming proper encryption is used, then you have access
>>>> to data while the cloud provider does not have access to data.
>>>
>>> Once you put it on someone else's machine they have possession of
>>> that data and you are trusting them to keep it safe.  Within your
>>> own organization one of the biggest dangers is the insider threat
>>> (at least according to a lot of published papers lately).  But you
>>> no longer have control over the insiders.
>>
>> They have possession of a disk with some AES encrypted data.
>>
>> The owner have possession of the key and therefore the data.
> 
> That is an assumption I am not prepared to make.  And I would
> hope no one else would either.
> 

There are nuances, but I seem both points.

The problem VMS faces is that businesses are making commercial decisions 
to move their data to "cloud" based providers. Generally we have no say 
in that decision. The conversation will be :-

Customer. "Can we move our VMS systems to the loud?"
Supplier. No its insecure, and we don't trust it.
Customer. "well in that case if VMS blocks our strategic plans we will 
have to replace it.

Actually the second customer response would probably be more earthy...

Indeed the organization may have no choice. One of my co-workers 
expressed similar concerns to yours, when told "we" were moving some 
data to a cloud based solution and he wouldn't allow it.

As I pointed out he had little choice as we were a local government 
organization, the cloud based provider had the relevant certifications, 
which approved by central government, and the service levels offered 
exceeded  those we could promise internally. In law he wasn't allowed to 
discriminate.

However the cloud solution was way more expensive than the internal 
solution...

> bill
> 

Dave
Fortunately retired, and so no longer have to explain to my manager why 
he can't sack all his IT staff if he moves data to the cloud.

More information about the Info-vax mailing list