[Info-vax] Where is EISNER:: and who funds it?

[chris]

On 12/22/21 17:00, Arne Vajhøj wrote:
> On 12/21/2021 11:21 AM, chris wrote:
>> On 12/21/21 00:46, Grant Taylor wrote:
>>> Compare and contrast fully patched system in a co-location facility /
>>> Virtual Private Server in the cloud which is utilizing disk encryption,
>>> can't decrypt anything (on boot) without (remote) operator interaction,
>>> verses a server in an office that hasn't ever been patched and is
>>> internet accessible.
>>
>> Cherry picking the most extreme cases as an example is hardly a valid
>> argument.
>>
>> What was that date center that burned down recently ?, took weeks to
>> get all the customers back up and running and understand that some are
>> still waiting. Ok, rare event, but trust an external supplier like
>> that and you really need to understand the risks. That's why companies
>> with long experience of IT, like Barclays, choose to keep all data
>> local onsite...
>
> Barclays chose on-prem.
>
> But that is not a universal picture across banks.
>
> A quick google of some big banks revealed:
>
> Barclays - private cloud
> Deutsche Bank - Google cloud
> HSBC - Amazon cloud
> JP Morgan - multi cloud
> Bank of America - IBM cloud
> Citibank - private cloud
> Goldman Sachs - Amazon cloud
> BNP Paribas - private cloud
> UBS - Microsoft cloud
>
> They are all over.
>
> Arne
>
>

Good, but that doesn't split it down enough and you can bet that
the really critical and sensitive is kept onsight, or at least a
mirror copy of. To do otherwise seems foolish, even irresponsible,
to me.

One also has to remember that all external cloud requires internet
access, unless they are using leased line or some other sort of
private network, not connected in any way to the internet. Once
internet connected, a whole world of security issues need
to be addressed...

Chris