Microsoft and The Cloud
-
The cloud has advantages, but I think that big companies have little need except there they need the flexibility of the cloud when there are only certain times they need a lot of resources. For smaller companies you get the advantage of eliminating the single points of failure
advantage of course and have heard many times but i am talking security/compliance road blocks - for example, "Who has access to trades table" (a security trading firm for example). I'm not going to even contemplate if you work for say FBI you'd get questions such as "Who has access to this physical application server?", "Auditor need to come in every three months to check event logs on each physical/virtual server hosting this application"
dev
-
I can see it's alright (to put your apps, and data) for many small/medium size company where compliance/security/confidentiality isn't a big thing. But I just don't see how The Cloud be compatible with corporate compliance in banking industry, let aside security and government related activities. I wonder, if Microsoft's bet on The Cloud will be a financial success...
dev
A few years ago I had drinks with an MS Cloud sales person and in his opinion the big end of town was not his market, he was after the SMEs. That was a few years ago so a lot may have changed since then.
Never underestimate the power of human stupidity RAH
-
A few years ago I had drinks with an MS Cloud sales person and in his opinion the big end of town was not his market, he was after the SMEs. That was a few years ago so a lot may have changed since then.
Never underestimate the power of human stupidity RAH
-
I can see it's alright (to put your apps, and data) for many small/medium size company where compliance/security/confidentiality isn't a big thing. But I just don't see how The Cloud be compatible with corporate compliance in banking industry, let aside security and government related activities. I wonder, if Microsoft's bet on The Cloud will be a financial success...
dev
It's a breach of Government regulations to put almost any of our data on the cloud. We have to be able to assert that our data is not stored on any off-shore data services. Which is quite funny as the Australian Government Technology Review magazine is always drinking that cool-aid.
-
It's a breach of Government regulations to put almost any of our data on the cloud. We have to be able to assert that our data is not stored on any off-shore data services. Which is quite funny as the Australian Government Technology Review magazine is always drinking that cool-aid.
RCoate wrote:
It's a breach of Government regulations to put almost any of our data on the cloud.
We have to be able to assert that our data is not stored on any off-shore data services.
Which is quite funny as the Australian Government Technology Review magazine is always drinking that cool-aid.You're not in Canberra by any chance are you?
Michael Martin Australia "I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible." - Mr.Prakash One Fine Saturday. 24/04/2004
-
I can see it's alright (to put your apps, and data) for many small/medium size company where compliance/security/confidentiality isn't a big thing. But I just don't see how The Cloud be compatible with corporate compliance in banking industry, let aside security and government related activities. I wonder, if Microsoft's bet on The Cloud will be a financial success...
dev
Even those industries have lots of low security normal business data (documents about business processes, training material, administration for building maintenance, utilities etc, even some of their internal systems that don't deal with customers' money) which could be put on the cloud. After all it's not that different from dedicated hosting in a data centre which even banks make a lot of use of already.
-
advantage of course and have heard many times but i am talking security/compliance road blocks - for example, "Who has access to trades table" (a security trading firm for example). I'm not going to even contemplate if you work for say FBI you'd get questions such as "Who has access to this physical application server?", "Auditor need to come in every three months to check event logs on each physical/virtual server hosting this application"
dev
devvvy wrote:
"Who has access to trades table" (a security trading firm for example). I'm not going to even contemplate if you work for say FBI you'd get questions such as "Who has access to this physical application server?", "Auditor need to come in every three months to check event logs on each physical/virtual server hosting this application"
Having recently worked for a brokerage that failed after operating illegally for 2 decades, I can say that there is much less auditing in real time than you think. It seems all of it happens after the fact, after shit hits the fan. Our tables could have been located anywhere and compliance would have been fine. Now, on the other hand, if I was at a firm that actually gave a shit about their customers, security might have been an issue with the cloud, but who knows.
-
Even those industries have lots of low security normal business data (documents about business processes, training material, administration for building maintenance, utilities etc, even some of their internal systems that don't deal with customers' money) which could be put on the cloud. After all it's not that different from dedicated hosting in a data centre which even banks make a lot of use of already.
-
RCoate wrote:
It's a breach of Government regulations to put almost any of our data on the cloud.
We have to be able to assert that our data is not stored on any off-shore data services.
Which is quite funny as the Australian Government Technology Review magazine is always drinking that cool-aid.You're not in Canberra by any chance are you?
Michael Martin Australia "I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible." - Mr.Prakash One Fine Saturday. 24/04/2004
-
devvvy wrote:
"Who has access to trades table" (a security trading firm for example). I'm not going to even contemplate if you work for say FBI you'd get questions such as "Who has access to this physical application server?", "Auditor need to come in every three months to check event logs on each physical/virtual server hosting this application"
Having recently worked for a brokerage that failed after operating illegally for 2 decades, I can say that there is much less auditing in real time than you think. It seems all of it happens after the fact, after shit hits the fan. Our tables could have been located anywhere and compliance would have been fine. Now, on the other hand, if I was at a firm that actually gave a shit about their customers, security might have been an issue with the cloud, but who knows.
"...I can say that there is much less auditing in real time than you think. It seems all of it happens after the fact, after sh*t hits the fan. Our tables could have been located anywhere and compliance would have been fine...". > not in the firms where I worked prev. nobody checks in "realtime" but for sure you can't put app/data in The Cloud
dev
-
"...I can say that there is much less auditing in real time than you think. It seems all of it happens after the fact, after sh*t hits the fan. Our tables could have been located anywhere and compliance would have been fine...". > not in the firms where I worked prev. nobody checks in "realtime" but for sure you can't put app/data in The Cloud
dev
-
devvvy wrote:
not in the firms where I worked prev. nobody checks in "realtime" but for sure you can't put app/data in The Cloud
Just out of curiosity, why not? Why is the "Cloud" worse than colocations in their eyes?
why not check realtime? For example, sensitive folders if you need scan folder permission/file permission it can take time. Why "Cloud" worse than colocations? --> have you taken questions from auditors from within firms? Consider a scenario, say your data stored in outsourced data center with dedicated server (That's already one step up in comparison to cloud). Lets say room where backup takes are stored cabinets are shared with other clients (or even competiting firm). Even if all backup tapes are encrypted you will get questions from auditors along the line "Who has physical access to these cabinets", "How access permission is granted", "Access history reviewed?", "Data center/vendor submit access log for review how freq and by who"?, "Cabinets and tapes clearly marked?", "What procedure in place to avoid mixing up tapes between us and our competitor/other clients", "Other clients restricted from physical access to cabinets or room where cabinets resides"? -- imagine will you run your apps in cloud what kind of questions you'd get "colocation" is fine - in fact some most sensitive applications in program high freq trading do this to minimize latency. But "colocation" is verrrry diff from "Cloud" where you have no control over security/access/confidentiality your risk/compliance will give you hell
dev