If you are about to hand the day to day running of your company’s technology and handling of data to a third party, you had better be sure they know what they are doing, and that what they are doing matches your requirements. The business case for adopting cloud computing is already clear for many: it can save a lot of money, …
Why if you want to get assurance over someone's compliance with an ISO standard would you look at a SAS70? The thong to insist on is a certificate from a reputable, accredited certifying body. Using a SAS70 for this like trying to tell whether someone is fit to drive by looking at their MOT.
"a company like Microsoft would be destroyed if it gave away data through a lapse in security"
Not like infected windows boxes have been doing for years and years then?
Oh sorry, this is "the cloud" so normal rules of trust don't apply...
I agree that the cloud (or partial outsourcing because that is what it really is) can be a nice play for some companies for some applications. But I think the play is short term. And I think more attention needs to be paid to the support issue.
It's tough enough tracking down a bug in a vendor ERP application today when it's all in-house. It's going to be much harder on the cloud.
Maybe not today when the vendors are lining up to sell you their clouds. But in a year when they cut support to squeeze out another fraction of a point of margin. Or the year after when they move that support to a low cost country. Or the year after that when they cut support again.
Fun times ahead, indeed!
automatic updates ?
Err, automatic updates would be a total fail.
The correct answer is, updates to our part of the cloud will be applied only if and when we ask for them. Before any such changes we need to verify that our applications are not affected adversely; if there are any problems then we may want some updates applied but not others. Either we have full control over 'our' cloud, or the whole thing is just a bad re-implementation of the old bureau systems. Surely the whole point of the cloud concept is that each customer treats the cloud as their own system & the cloud provider worries about implementing this for loads of customers ?
I hope that guy paid for lunch, with drinks.
re: "but a company like Microsoft would be destroyed if it gave away data through a lapse in security"
Where have you been the last 20 years? Microsoft, and others, have allowed more data to be given away (read stolen) than most countries security services have ever collected.