The hype about cloud computing is deafening, yet plenty of data storage should stay very much in-house. Kenneth Hess discusses the limits of the public cloud.
Cloud discussions aside, business is risky enough without adding another unknown variable to the equation. The public cloud offers inexpensive computing power, rapid application deployment, elastic bandwidth allocation and a slew of security problems. However, the risk isn't necessarily the fault of the public cloud provider, it's yours. When you deploy a workload to the cloud, you're exposing it to the entire planet, and not all of the planet's inhabitants are benevolent, productive members of society. There are those who would steal your information, ransom it or display it to all the world's eager eyes.
If you don't believe there's a problem with public cloud offerings, look at this recent warning from the European Union to its members. You should never deploy any of these 10 workloads to the public cloud unless you're willing to absorb the legal and financial impacts of their impending decimation.
Note that this discussion focuses on self-deployed applications and services -- not those sold by cloud-based software companies or hosting providers.
Databases aren't inherently insecure, but the applications that access them can be, and that spells disaster for your data. It's possible to add protection for your data with practices, such as tunneling the connecting between your application and the database, scrubbing the data before attaching to the database, and always using secure protocols and certificates when processing data.
Placing email services on the Internet is equivalent to placing a neon sign outside your house that reads, "We're not home and we've left the doors unlocked." If you're thinking security through obscurity will help you, don't go there. Changing the port numbers has no effect. If you want your private email read by the world, set up your email services in the cloud. Unlike databases, email protocols are inherently insecure. It is possible, however, to make email more secure by using secure protocols and signed certificates.
Read the rest at ServerWatch.