Craig Balding raises the following issues related to security cloud computing. Since some of the issues concern to the theme of this blog, opensource, open standards and open web, I thought I will link the concerns here. Some of the issues highlight the need to have a cloud computing infrastructure without any proprietary software infrastructure.
Multiple cloud storage providers for a single app, raises some issues.* Is ISV obligated to tell you they are migrating to a cheaper cloud storage provider? (think cross border data transfer issues).
* What security ‘certification’ will take place of the new provider and what visibility will you have of that?
* How much notification do you get before the switchover?
* If you don’t want to go with the new provider, but that is the only supported option, what happens to all your data? Even if we *assume* an export function is provided you still need to find an alternate ISV that has coded a compatibility layer to access your existing data. If you can’t, where do you export the data too? Will we have ‘frozen clouds‘?
* What integrity checks take place to ensure data was properly migrated over?
* When the migration happens, what clean-up happens at the source? (can anyone say forensic wiping?). What about any backup tapes or off-line copies? Who is responsible for making sure those are wiped/destroyed?
