March 15, 2011

Last Updated on January 17, 2024

Do you have Nephophobia?

At a recent CISO Executive Network event in Philadelphia, Peter Stern from IBM began his presentation with the term Nephophobia: Fear of clouds. I loved the clever intro, so I decided to borrow it for this blog article.

Where is the cloud?

Apple, Google and Amazon have already launched their own clouds, and now Microsoft has joined them as another company that stores your data on the web. With computers becoming a necessary part of living, educating, learning and working, it is a smart move for more companies to start building their clouds.
“Cloud computing is Internet-based computing, whereby shared servers provide resources, software, and information to computers and other devices on demand, as with the electricity grid.” – Wikipedia
So how is it helpful to the average consumer? Here is a perfect example. By using Office 365 or Google Docs, a student can write a paper for class and save it to the cloud. The advantages of having that document in the cloud are as follows.

  1. The document is backed up off-site. This means that if, God forbid, the student’s computer crashes, the file is safe and can be restored at any time.
  2. The document can be accessed from anywhere. Google Docs was the first (that I know of) cloud system that offered a web-based form of Microsoft Word. This means that the same student can edit his/her paper from anywhere in the world without Microsoft Word installed.



Moving right along

So let’s say your need for “the cloud” is not for personal use. Let’s say your business has client data, reports, or anything that needs to be shared easily and securely. How does someone know if “the cloud” from Company X is secure? That’s the fun part.
I have been working here at Pivot Point Security for a few months now. In that time I have been learning about various forms of information security attestation. The one, in particular, I want to share is ISO 27001. Before this I had no idea what it was or what the advantages are. Basically, ISO 27001 certification is verification that the Information Security Management System (ISMS) is compliant with ISO 27001 and the best practices detailed in ISO 27002. When a company is ISO 27001 certified, it means that all of the necessary steps and controls have been taken and implemented to make sure that the design and operation are secure.
Amazon Web Services and Microsoft Office 365 are both ISO 27001 certified. However, Google Apps and Rackspace are not ISO 27001 certified, but are SAS-70. John Verry, ISO 27001 Certified Lead Auditor at Pivot Point Security, wrote a great blog post called “SAS-70 is Dead, Long Live the King (ISO 27001?)”. It is John’s opinion that ISO 27001 is the “best general purpose form of information security attestation available right now”.
So now that I have shared some interesting information with you, I hope that you begin to look at ISO 27001. It’s great for business and customers. In fact, we are finding that more and more of our clients are moving towards ISO 27001 because of their customers’ demand.