Trending Away From the Cloud?

A friend of mine mentioned the other day that they're starting to see a trend away from outsourced clouds, with enterprises choosing their own data centers and "private clouds" over those from major providers. This trend has been further corroborated by at least one other colleague in the industry, which leads me to speculate... what in the world are people thinking?

I have no real evidence to back any of this up, but since that's never stopped me before, I'll continue...

My first guess is that this is a psychological knee-jerk reaction. If an incident occurs on an outsourced system or service, then you will feel like you have less control. As a result, you may have a strong inclination to "reclaim control" by bringing the affected resource in-house. The sad truth, though, is that it's extremely unlikely that your org will provide any better security around this resource than your outsourcer did. In fact, the likelihood is very good that your security measures will be worse.

The other thing that fascinates me about this trend is the financial angle. I don't believe for a minute that in-sourcing will be any cheaper than outsourcing. In fact, I'm guessing it'll be more expensive, with no appreciable improvement in security posture. Moreover, I have to wonder if any sort of risk analysis is actually being performed. Rather, it seems to me that you'll spend more money, get hacked anyway, and then you'll look even more foolish.

Unfortunately, organizations still haven't gotten a good grasp on how to manage their outsourcers. In particular, a lot more needs to be done with the legal agreement(s) up front, which means you need to invest a fair amount in high-quality legal representation. This would not be the first time that higher up-front costs have deterred organizations from making good decisions. As I've noted in the past in various fora, people seem to have lost their ability to think long-term (or even mid-term). As a result, the short-term-view-only perspective causes decisions to be made that don't properly consider the entire scope of various risk factors.

In the end, I'm confident that we'll see this trend reverse itself again, especially if the economy keeps sputtering as it has. This delusional belief that the enterprise will somehow be magically better at security than their outsourced providers will come crashing down eventually. Hey, if the likes of RSA can't avoid an incident, then what makes you think your enterprise will fare any better? Quit believing the zero-sum lie that you can stop all attacks. Shift your focus to survivability. In that context, it's very unlikely enterprises can build a cost-effective private cloud that will be anywhere near as resilient as what professional cloud service providers offer.

Chalk it up to another sign of the times... a worsening of unhealthy paranoia and cranium-in-posterior syndrome...

About this Entry

This page contains a single entry by Ben Tomhave published on June 15, 2011 11:46 AM.
