a bank, while it has all kinds of security, big vaults, etc are still TARGETED. There are a lot fewer people who will say "let's go see what the robertsons have today," mainly because it is not a sure thing that they will hit the jackpot. A bank is sure to have money because that's what it deals in.
The reason why my money is in the bank instead of in a safe at home is because banks have somehow managed to make themselves an integral part of transactions. There is some level of usefulness, but the second you have a problem with the bank, they lock down and you are the enemy.
just with regards to the backup scenario... most of the cloud computing services are offering Software as a Service. Now as much as having backups of data is useful, wouldn't they need recovery plans for when their software service goes down? traditional software approaches would mean you would have the software available (although it may be a little bit older), but if a company can no longer pay the SaaS fees, where do they go from there?
Last edited by twinscythe12332; 26-Mar-10 at 09:10 AM.
I agree with MarkH, but I'm prepared to go into the detail required to address your point.
Attackers don't need to initiate requests from outside your network to get in. All they need is one computer in your network that's been infected by malware, which will then initiate the connection to the attackers. And how easy is it to become infected these days? It seems every month a new bug is discovered that can allow an attacker to install malware on your computer just because you clicked on a website link. Or opened a specially crafted PDF.
Servers aren't general-purpose machines like your desktop. They're dedicated to just the purpose of serving requests and are therefore much easier to secure - no-one is going to open a web page from the server, resulting in the entire server being infected. Of course, this is assuming your provider knows what he's doing, but it's likely that someone who's managed to stay in business for a few years has figured it out.
Now, obviously, if someone's infected your computer, they may be able to access your data that's in the cloud. But the risk is actually compounded when you have all your services locally, because now every other computer on your network becomes a potential attack vector.
I guess the point you were making was that it's not necessarily clear-cut that a cloud service is more secure. I can't disagree. What I tried to show above, though, is that it's not clear-cut that keeping your data locally is more secure either.
As I said to someone else in this thread, if you can no longer afford the cloud service, you probably have bigger problems than just that. Like your electricity being cut off. That's business for you - bad things happen when you run out of cash, which is why we have budgeting. But what if the local server you were running your software on collapses and you don't have the cash to replace it? That's a much bigger expense, and one you probably didn't budget for.
Also, do you realise that many companies charge annual licensing fees to use their software, even though you install and run it on your own computer / server? Or if not a licensing fee, then a "support fee". Most cloud services include support by default, of course.
Well, that's the crux of my argument right there. There are two roads into the cloud, whereas there's only one into the company network. Once you're compromised, you're compromised.
I asked this question quite recently - last I heard PDFs are still safe
Not quite true. There's this horrid thing called an XSS flaw
Participation is voluntary.
Alcocks Electrical Services | Alcocks Pest Control & Entomological Services | Alcocks Hygiene Services
Did you like this article? Share it with your favourite social network.