A recent Network World piece about an RSA 2013 panel that covered cloud forensics and whether or not your cloud providers will be able to come through for you in the event of a lawsuit or breach bringing some critical pitfalls of cloud computing.
Two things are certain:
In an era where cloud providers still believe “security” is a SSAE 16 checkbox, we’ve got a looong way to go before they’re going to be in a position to help us in even greater capacities such as these. They simply don’t have the means nor the incentive.
I can’t stress this enough: unless you want to appear foolish, think through the security, legal, and business aspects of cloud computing before you fall for the marketing hype and jump on the bandwagon.
I’ve written pieces with more insight and prescriptive cloud advice here. Take it slow and good luck.
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”