On Sat, Jul 18, 2015 at 01:39:45PM +0200, Florian Weimer wrote:
Well, for one thing, it removes physical access to machines from insiders on your end, and in many cases, also direct access to data, particularly in its bulk form.
With conscious effort and the right resources, you might be able to come up with better security controls than the large service providers, but right now, most organizations don't have much of an audit trail for locally run services. I'm not sure if moving data off premises actually results in a net loss of control over it. Not because the service providers are so good at security, but because various factors conspire to make almost everyone else so bad.
Well, I don't trust the cloud and don't use it. (I don't trust my boxen in a different way). The cloud owns the CPU and this is enough for me. You should be aware of the numerous virtualization sploits -- Xen, Qemu, possibly others. Exploiting a virtualization bug is just the fee "to be in cloud" and I _suspect_ more efforts are needed for my boxen.