The Requirement for Security Independence in a Virtualized (or Cloud) (or Virtual) World

As we evolve more and more to complete self-contained services like the mainstream Cloud services of Microsoft, Amazon, IBM and Google, I often express concerns about the Cyber aspects being coupled.  Enterprises and users are, if they haven’t already, getting more and more comfortable with giving up their physical/virtual servers, applications and storage but are not, and should not, be comfortable giving up control of their sensitive data.  The shared responsibility models of Cloud Services Providers (CSPs) delineates between the physical aspects (network, disks, memory, etc.) and the responsibility of what resides in the storage and computer.

Data Sovereignty, Safe Harbor & General Protection Regulations

First, an explanation on the concepts in the title of this piece. Data Sovereignty is the concept that digital data and information is subject to the laws of the country in which it is located and/or created. Safe Harbor is an agreement between the USA and EU that regulated and control import, export and processing of personal data and information. And the most recent, EU General Data Protection Regulation (GDPR) is the regulation of “processing’, ownership, rights and storage of personal data and information within the 28 member EU states.

Cloud Computing: You Are Responsible and Accountable for Security

It’s all about the data. I have been involved in cloud computing since 1999 (although we called it multi-tenant hosting & ASP – application service provider) and for sixteen years security has consistently been the #1 concern when organizations are asked about their adoption of cloud models. The concern does not reside with the use of a storage array they have no access to or the utilization of a virtual machine cluster in some unknown data center, it’s all about the data and sensitive information.