[Info-vax] The new world that VMS will be living in

Tue Dec 8 18:10:40 EST 2020

On 12/08/20 02:29, Arne Vajhøj wrote:
> On 12/7/2020 9:18 PM, Bill Gunshannon wrote:
>> On 12/7/20 8:25 PM, Arne Vajhøj wrote:
>>> On 12/7/2020 8:05 PM, Bill Gunshannon wrote:
>>>> Now, we all know how tightly protected the VMS Customer List has
>>>> always been.  With The Cloud you put it on another persons machine
>>>> under their control and relying on their security.  If it gets out
>>>> nothing can ever make it secure again.
>>>
>>> Are you concerned that Amazon, Microsoft, Google etc. will
>>> get a list with 10-25% of VMS customers based on who runs
>>> VMS in their cloud and the list will leak??
>>
>> Not Amazon, Microsoft or Google.  But how about that third shift
>> operator who thinks he should be earning a lot more than they pay
>> him?
>
> What about him?
>
> He will likely only have access to a small fraction of those
> 10-25%.
>
>> And I was using the idea of VSI moving to the Cloud and thus
>> having their entire customer list in someone else's hands.
>> A theoretical example.  But it applies to pretty much any
>> major business and most minor ones.
>
> Ah.
>
> They will not put it in their cloud providers hands
> unless you assume that cloud provider has broken AES.
>
>
>>>>                                     Now, tell me, what exactly
>>>> has any Cloud Provider done to make me want to trust them?
>>>
>>> Driven successful business for many years will convince
>>> many.
>>
>> Many years?  Guess it depends on what you consider The Cloud.
>> Some papers say Mainframes were the Cloud back in the 60's.
>
> That is a huge stretch. So much that I don't think
> it makes much sense.
>
>>>> And that's only one aspect.  How about reliability?  How long can]
>>>> your business run if your Cloud Provider goes down?
>>>
>>> How long can they run if their own data center goes down.
>>>
>>> Same.
>>
>> Yes, but if they have their own facilities they can ensure the
>> means to continue operations (spares, COOP Site, etc) exist.
>> Can the same be said (with any real trust!) about the commercial
>> Cloud sites?
>
> The big cloud providers have millions of spare servers
> and hundreds of locations world wide.
>
> Way more than any corporate IT department has.
>
>>   And then we have something as simple as loss of
>> communications.  If you keep your datacenter on your own
>> premises the responsibility and the control is in your hands
>> and not in the hands of someone you may trust, but actually have
>> no reason to actually trust.
>
> The modern economy to large extent rely on some sort of trust.
>
>>>> And the list goes on and on.  If anyone did real Risk Analysis
>>>> before moving to the Cloud no one would.
>>>
>>> You don't think Deutsche Bank did a risk analysis??
>>
>> Sadly, my experience from when I was still doing this commercially
>> leads me to think that if real risk analysis was done it is very likely
>> that the conclusion was established before the actual analysis.
>
> If they did not do a proper risk analysis, they would be toast
> with internal auditors, regulatory auditors, other business'es
> auditors.
>
> Arne
>

I would think that giving Google all your data is like giving a
burglar keys to you safe and telling him how to find it.

Thye whole purpose of Google to collect other's data by any
meab=ns legal (?) and sell it to others, and you really think that
is in any way secure ?.

Must be out of their mind...

Chris