Posted By USFN,
Tuesday, May 7, 2013
Updated: Monday, November 30, 2015
| Comments (0)
May 7, 2013
by Shawn J. Burke
ServiceLink, FNF’s National Lender Platform – USFN Associate Member
Security is a hobby of mine. I run into all sorts of technology and configurations and all of them have impacts on security. Understanding and examining security is something I enjoy. That build-up is to introduce my personal security mantra: Nothing in and of itself is secure or insecure; it’s all about how something is used and configured. People are often frustrated by this viewpoint. They look for the magic piece of software or the hardware configuration that will — for now and till the end of time — keep them secure. That just isn’t possible.
Software, for instance, is only as good as the configuration and use. It’s analogous to putting all of the best locks on your front door; if you fail to lock them on leaving, they are useless. Security configurations are similar in that as soon as a good one is made, a world of people are trying to break it. Liken this to the use of very complicated P@$$w0^d strings, which now are considered relatively insecure in and of themselves. “To be secure” is an active process, requiring knowledge and consistent review of what is in place. Sorry, I know it would be easier to spend money once upfront and just be done with it. The good news, however, is that “The Cloud” can be secure if done correctly.
Some folks think that “when data is on my local computer and servers, people can’t get to it like in the cloud.” If that is your thinking, I hope you’ll reconsider. In an internet-connected world with spyware, malware, and unhappy employees you can’t know that this is true. Even in this scenario, one must be actively monitoring and working to ensure safety. This raises the question: can you afford to do that monitoring yourself? Or will you be better protected with a major company, which has many dedicated staff working to address these concerns, doing the hosting and managing?
Another frequent thought, which fortunately is no longer true, is this one: “Hosting in the cloud means all of our servers can be seen by other people hosting in the cloud. We cannot afford that with our auditing requirements.” Service companies have been working feverishly to improve on early security concerns about “The Cloud.” There are now a number of options available in cloud hosting that allow your servers to be safe in the cloud. This is an example of security as an ongoing process.
Before wrapping this up, let me provide you with a quick “cheat sheet.”
- If security is your concern, choose reputable companies. Savvis, Latisys, or Rackspace are some companies I have worked with, providing various secure options, and they are current Gartner leaders in their space.
- Do you need your servers to be firewalled away from anyone else’s servers? Then stay away from public cloud offerings that don’t offer firewall configurations. Most major vendors offer configurations that provide firewalls to your servers in the cloud.
- Do you have a large company with sophisticated needs that just can’t commingle with “everyone else?” Then what you need is a private cloud. In this context, you are really getting your own hardware for “The Cloud” dedicated to your company. The advantage over managing this in your own data center is the dedication of specialists who do nothing but hosting. Sure you, too, can hire good people. However, your business will never be focused on hosting; their’s is. Similar to how no one comes to me to ask, for example, the legal ramifications of judicial foreclosures in New York. Instead, they go to USFN attorneys because that’s their specialty and expertise.
© Copyright 2013 USFN. All rights reserved.
This post has not been tagged.