Thread: Registry to stay??

The problem with the cloud is it is a shared responsibility model (see here: https://learn.microsoft.com/en-us/az...responsibility )

Basically:

For all cloud deployment types, you own your data and identities. You're responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control.

The problem is a lot of orgs do not properly take responsibility for their data and identities. This includes prevents the cloud provider (in this case Microsoft) having access to that data. In fact it's increasingly more difficult to keep the cloud providers nose out of your data as they offer you all sorts of services that depend on that access (keeping them out of your data may also impact on pricing, ie it goes up a lot).

There is also a challenge in that securing cloud is a fairly expensive exercise. Microsoft do offer bundled security services, but they are what we (in the industry) term MVP... a Minimal Viable Product. It does the bare minimum , and it still costs you $$$, but the good security products are from other vendors and cost you $$$$$$... and it's hard to setup... and it's hard to find people in NZ who can do it properly.

I can tell you outright that the likelihood of a data breach/or data leak will go up if the registry is moved to cloud, especially given Polices constrained budget/limited resources they always seem to be working under.

A lot of people are under the illusion that cloud is cheaper, but it's not. But vendors like Microsoft are making it harder and harder to not operate in cloud.

Originally Posted by vulcannz

The problem with the cloud is it is a shared responsibility model (see here: https://learn.microsoft.com/en-us/az...responsibility )

Basically:


The problem is a lot of orgs do not properly take responsibility for their data and identities. This includes prevents the cloud provider (in this case Microsoft) having access to that data. In fact it's increasingly more difficult to keep the cloud providers nose out of your data as they offer you all sorts of services that depend on that access (keeping them out of your data may also impact on pricing, ie it goes up a lot).

There is also a challenge in that securing cloud is a fairly expensive exercise. Microsoft do offer bundled security services, but they are what we (in the industry) term MVP... a Minimal Viable Product. It does the bare minimum , and it still costs you $$$, but the good security products are from other vendors and cost you $$$$$$... and it's hard to setup... and it's hard to find people in NZ who can do it properly.

I can tell you outright that the likelihood of a data breach/or data leak will go up if the registry is moved to cloud, especially given Polices constrained budget/limited resources they always seem to be working under.

A lot of people are under the illusion that cloud is cheaper, but it's not. But vendors like Microsoft are making it harder and harder to not operate in cloud.

The cloud is a toxic curse as far as a user's perspective of microsoft (or as we used to call them micromakeithard) is concerned. All of the info I have on microsoft format documents that were created on a locally held copy of their software no longer work on the cloud-format software versions - all of the formatting is farked up as well.

It's almost enough of a reason to go to linux I tell ya.

My cloud experience does not give me any confidence in the service, been cut off three times now when I really needed access due to other outfit's cockups and service outages - it's easier and quicker to fix from backups held locally so you still need to do that even with cloud. What's the point (apart from slightly improved travelling access versus using a local server with net-based access).

Security we just have to face up to the fact that Police don't do that - their implementations of tech projects appear to be legendary in terms of overruns, underdelivery and cost blowouts. A legacy of underresourcing and competing priorities when organisations are pulled off core business for whatever reasons.