At an RSA conference held in the SF bay area, Microsoft and Google representatives both made comments about how cloud security has matured. Both representatives have said that the public cloud is now suitable for business use of all types.
Bruce Schneier is one of the top cloud security architects in the world. He is most notably known for his work with Verizon’s cloud services. When he spoke at the RSA security conference in regards to storing your data in the cloud, he mentioned, “Fundamentally, ‘cloud’ means to me your data on somebody else’s hard drive. Do I trust that other legal entity with my data on their hard drive?” Schneier continued on and said, “In some ways, this is no different than the levels of trust that we have had to have through the years. Vendors can screw our security, make bad decisions, lie to us.”
The conference took an interesting turn when Google and Microsoft representatives began their open dialog about trusting each other and the cloud. An interesting question was posed in regards to Google potentially using Microsoft’s datacenters and vice versa. Both representatives agreed that the framework of trust that already exists and that could make this hypothetically possible, albeit highly unlikely. They said that this type of arrangement would only exist if certain business factors dictated it. In fact, the Microsoft representative Bret Arsenault said, “We do outsource a number of business components today.”
Google representative Eran Feigenbaum was quite candid in his comments when he said, “We do use some competitors’ cloud [systems] today. Some of their services are better than ours, and some of them use ours.”
If Google and Microsoft are willing to use each other’s cloud services because they are comfortable enough with the security framework in place, in addition to the in house security placed on data that can be stored in the cloud, it should make most consumers feel safe about storing public data in the cloud.