Slashdot Mirror

← Back to Stories (view on slashdot.org)

Put Your Enterprise Financial Data In the Cloud? Sure, Why Not

Posted by samzenpus on from the keeping-it-safe dept.

jfruh writes: For many, the idea of storing sensitive financial and other data in the cloud seems insane, especially considering the regulatory aspects that mandate how that data is protected. But more and more organizations are doing so as cloud providers start presenting offerings that fulfill regulatory needs — and people realize that information is more likely to be accidentally emailed out to the wrong address than hacked.

11 of 91 comments (clear)

  1. then/than by Anonymous Coward · · Score: 3, Funny

    Emailed out, and then hacked! It's a one-two punch of bad luck!

  2. No, just no. by geogob · · Score: 4, Insightful

    Nothing goes into "the cloud". I'm slowly getting sick of this cloud hype. In most cases its useless and its only a security risk - a risk no one can really weight as the cloud is often maintained by an external provider.

    1. Re:No, just no. by ArylAkamov · · Score: 4, Informative

      Wasn't it Bill Gates and Steve Jobs that originally rallied against relying on external entities to store your data?

      We've come full circle.

  3. Um... by fahrbot-bot · · Score: 2

    ... information is more likely to be accidentally emailed out to the wrong address then hacked.

    ... "then" or "than" ? Because they're different.

    --
    It must have been something you assimilated. . . .
  4. obvious ad by jarkus4 · · Score: 4, Insightful

    advertisment in pretty clear form.
    "I went to this company conference and they told me they're cool and I have nothing to worry when storing my data on their great services"

  5. What if I told you... by xxxJonBoyxxx · · Score: 3, Interesting

    ...that most "brick and mortar" banks have been outsourcing their "back end" account management (i.e., your money) to "the cloud" for decades? (OK, back in the day, no one called it "the cloud," but it was the same damn concept.)

    What else do you think EDS, FIS, Fiserv, Jack Henry, etc. have been doing all these years?

  6. bullshit by Gravis+Zero · · Score: 4, Insightful

    Is data in the cloud vulnerable? Well, yes, all data everywhere is theoretically vulnerable and the cloud is no exception.

    "the cloud" has proven time and time again to be not just vulnerable but exceedingly vulnerable to attack. what's worse is that companies are under no obligation to tell you when (not if) they get hacked. worse yet, they aren't held responsible for getting hacked, so all you can do is switch to a new "cloud provider" and pray it doesn't happen again.

    --
    Anons need not reply. Questions end with a question mark.
  7. Re:What's the point by MobSwatter · · Score: 2

    The first rule of security is don't put all your eggs in one basket. Like a cloud with multiple users data segmented but under one layer of sandboxed admin privs. If anyone thinks that is a good idea then just ask the NSA about it though that might still be a bit of a touchy subject for them with Snowden. In reality the only credentials that should have access to all data would be the service a backup runs under and the backup operator should have a healthy loyalty based paycheck. These are some old school tactics, but hey this new shit is supposedly better somehow and I'm sure China really appreciated the F-35 JSF plans before the plane was completed. Now if security is not such a big deal anymore then we should be able to sublet positions to H1B visa candidates and collect a free paycheck.

  8. There is a saying ... by Taco+Cowboy · · Score: 2

    ... that 99.999% of the humans are idiots

    At first I did not think much of that saying, but, reading TFA, especially the part about "... people realize that information is more likely to be accidentally emailed out to the wrong address then hacked ..." makes me wonder if there is a need for something far worse than the word "idiot"

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:There is a saying ... by grep+-v+'.*'+* · · Score: 2

      Where I used to work, there were a few short terms for idiots who ignored or violated security standards: CEO, CFO, Legal, etc. They'd pass all these security measures for protecting data, and then say, "Oh, but not for me."

      One of them had they RSA keyfob security code statically set at "111111" because it was just too hard to type in the digits (or they changed too quickly, I forget which.)

      He got written up in the security exception reports and such, but was high enough to be able to override it.

      At least it wasn't the code to the planetary air shield generator: 12345.

      --
      If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
  9. Re:regulatory aspects by turbidostato · · Score: 2

    *You shouldn't trust the cloud providers. Even if the CSP and its employees are trustworthy, if they get a court order or double-secret-probation security letter, they have to turn the data over.*

    You *shouldn't* trust banks. Even if the bank and its employees are trustworthy, if they get a court order, they have to lock your accounts and/or hand your money to the government.