CEO Blogs

Combine Fear, Uncertainty, and Doubt — and you get FUD, which has been on my mind lately because it so often involves attempts to thwart adoption of newly-emerging, better solutions. Consider these two tales of FUD:

The first tale, from the late 1880s, is often referred to as the War of Currents. It’s about a powerful group of direct current (DC) supporters who fought fiercely against the new, more cost-effective alternating current (AC) with a range of FUD stunts, from electrocuting animals to building the first electric chair. DC’s supporters eventually lost — because FUD can slow, but not stop, real progress.

“ We have spent over 12 years building our reputation and trust; it is painful to see us take so many steps back due to a single incident. ”
—Tony Hsieh, CEO, Zappos, after the company suffered a data breach in which 24 million customer records were stolen

In the wrong hands, the sensitive data your business depends on becomes a weapon wielded against it. And it’s happening more often every day.

Reports of intellectual property theft and hacktivism abound, and 2011 has been widely described as “the year of the data breach.”

It’s not hard to see why.

In 2011 alone, according to the nonprofit Online Trust Alliance , 126 million data records were compromised in the United States.

Just about every day, I hear yet another horror story about data loss.

To my ears, that term — ‘data loss’ — doesn’t do the problem justice. ‘Data loss’ sounds almost innocuous, too much like ‘Gee, I misplaced my gloves, anybody seen them around?’

Cloud computing that involves processing sensitive or regulated data in shared environments needs extra scrutiny in terms of security (as well as codifying requirements, defining a cloud services contract, managing the transition from in-house to cloud, and overseeing the resulting mixed IT environment).

Cloud security is at risk when…

You don’t have an adequate cloud-oriented governance/risk/compliance framework,
The hypervisors in your virtualized infrastructure harbor vulnerabilities that can be exploited,
It’s possible to infer information about one virtual machine by observing the state of the shared system from another aspect of the underlying system — which might enable malicious code execution, or
When vulnerabilities are introduced by incorrect configuration of a hypervisor and/or its related tools.

Rare is the information technology professional these days who doesn’t understand the prodigious efficiencies and savings that can be derived from virtualization . Yet, too often virtual machines are deployed insecurely. One Gartner analyst has estimated that 60% of virtualized servers will be less secure than the physical servers they replace.

That’s because too often virtualization projects tend to be developed and deployed without considering security. This can result in vulnerabilities that enable bad guys to compromise the hypervisor/ virtualization layer (e.g., DoS attacks), which can spread to all hosted workloads.