Even the experts can’t seem to get cyber-security right. Wouldn’t you like to get out of the business of guarding your customers’ data?
During a closed-door cyber-security meeting last month, I listened to network and policy experts discuss the vulnerabilities that define our connected nation and world. The threats are numerous and the attack tactics manifold, even if the motivations are relatively limited—profit, anarchic tendencies, and nationalistic fervor.
States face threats to their critical physical infrastructure, their banking systems, and their highly confidential information. Private companies are vulnerable to theft of intellectual property, exposure of their customers’ important data, and other maladies.
Many private businesses seem baffled and flat-footed when it comes to cyber-security. That’s no surprise, given that a leader in cyber-defense, RSA Security, was itself the victim of a significant hack just months ago.
So, it occurred to me, as I watched the cyber-experts scratch their heads last month, that one of the original objections companies voiced about cloud computing may eventually become its greatest virtue. In essence, a company that runs its ERP system in the cloud or rents storage from a cloud service provider is outsourcing the security of its data to that provider. For the moment, security certifications for cloud computing providers resemble the chalkboard at an ice cream shop: too many flavors to choose from.
But soon the industry will rally around a winning security standard for cloud computing. Then the real battle will begin—crafting service-level agreements that will define the responsibility for any breaches of data. Of course, no private company will welcome a data breach that exposes its customers’ sensitive data. But it may welcome the chance to point a finger at the cloud computing provider.
Against the advanced persistent threats that exist in today’s networked world, even paragons of cyber-security can become victims. Wouldn’t you want to shift that responsibility to another company if you could?