My job requires me to talk with customers, engineers, and peers across the United States.  My statements do not reflect that of any employers (past or present).

Today, I’ll share some generalized questions and historical thoughts which we can’t forget.  (Like the year I broke my neck.  Just can’t erase the thought.)

Are data loss incidents trending downward as Cloud providers continue to improve security measures? 

Source:  Open Security Foundation/DataLossDB.orgSource:  Open Security Foundation/

Are we comparing apples to oranges?  Microsoft Office 365 SharePoint online provides a full service highly available solution with backup.  The latest numbers were 99.97 percent uptime.  Microsoft implemented the Information Technology Infrastructure Library or ITIL process, which is a continually improving process and performance model.

The Apples!  So, what about the Oranges:  A three-tier installation of SharePoint with one Web Front End (WFE) server, an application server for search and web applications, and a single SQL Server all running atop Windows Server 2008 R2.  Hmmm….

I like the Oranges – must less costly.  Are they applying ITIL by continually improving the process?

Which one do you prefer?

Wait!  I am a remote worker on the road 80 percent of the time.  I like the Apples, it’s always on and I can connect to it from anywhere, anytime, with any device and I feel pretty good. Microsoft is protecting my data.

First, we are using SharePoint primarily for document sharing and collaboration.  How do you share a document today?  I just emailed an attachment.  Oh…SECURITY alert, where is that document going and what’s in it?

We can be storing documents in Office 365.  We are not sure who can see those documents.  Hmmm…what about the employee that just emailed the file attachment to someone.  Oh, that someone thought it would be good for the contractor to see it to, so it was forwarded to them.  The contractor thought it was a great document, so they forwarded to all the engineers.

So, the questions:  Are documents stored on Office 365 safer than a document attached to corporate email and sent to who knows where it went downstream?  Hint:  Office 365, with Information Rights Management, protects your documents when configured correctly to protect sensitive files.

Let’s quick jump back to Apples and Oranges.  We need to add something to our Oranges which is already a piece of the Apple.  Starting to lean toward Apples with greater TRUST?

We continue… another requirement comes in from the “remote worker.”  Now that we can’t send emails with file attachments to people outside the company, how can I share a file?

Well, we need a project to set up a DMZ, SSL and some remote proxy servers and create a provisioning tool to add users to our Active Directory domain to allow them to sign in.  Just a few more Oranges and a few months to enable this requirement.

The remote worker liked the Apples already.  They heard sharing a link to the document was simple by either a “guest” link or a “secure” link, which requires authentication.  Oh, did I say there was no requirement for the remote worker to submit a form or get permission.  After all, the remote worker is responsible for the document and its contents – isn’t he?  He could have emailed it as an attachment.  However, the version may be out of date by the time the recipient opens their email.

The question is moving from “to cloud or not…” toward “when to cloud and what to cloud today?”

There are smarter people then I, who are investigating what a secure cloud looks like.  Follow along as Cloud Forensic Science Workshops are an integral part of readiness.