From time to time I get involved in answering questions for RFPs. I think it’s a cruel bit of fate that I have to work on this side of the equation (for the other side see this post). Fortunately I don’t get involved too often.
One of the things I’ve noticed while perusing these requests is that they seem to be much more “cloud computing” aware. There are generally questions about whether the software runs in the cloud or not.
To be clear, I work in healthcare software. One of the greatest fears of any hospital is the news headline “Hospital leaks thousands of patients’ health records”. From a PR perspective, that’s a worst nightmare kind of scenario.
So while there is an increasing openness or curiosity about cloud computing there is an even greater focus on security. Some of it gets downright invasive: “Show us all the findings of your last third party security audit.”
That’s never going to happen. My legal team would never sign off on exposing that level of operational detail. Even though our third party audits are good, that’s information that a hacker would love to get their hands on. So it has to stay secret. Very secret.
In case you are wondering if I’m blowing this all out of proportion, just take a look at Yahoo!. Verizon cut $350 million off their purchase offer – owing in large measure to the leaky sieve security that seems to be coming out of Yahoo’s products.
So to summarize, cloud computing is wonderful. It’s nice not to have to manage all the hardware locally. But it has to be secure, or it’s a non-starter.
Source: SANS ISC SecNewsFeed @ February 26, 2017 at 06:12PM