← Back to context

Comment by belorn

20 hours ago

Go through a security review. It not as simple as just saying "we outsource that so we have no idea what they do or how they manage the data". It is disingenuous to claim that people can just outsource the whole problem and not care.

This would be part of the responsibility of the cloud managers, which need to be hired, paid and trained, on top of the cost of paying the cloud providers. There is no free lunch.

4 comments

belorn

Reply
9dev  20 hours ago

I am responsible for security reviews. I never claimed it was that simple, nor that there was free lunch. I said it is easier to outsource it than to handle it yourself to an equal level of what a cloud provider is able to do, from a legal and operational perspective.

  • belorn  20 hours ago

    Easier is a very subjective measurement. Lets compare two solutions with different hires. One hire system administrators that rent space in a serverhall. The other hire cloud managers that rent space in the cloud.

    What can we definitive say about the difference be in salaries, training, and team size? Can we say anything specific about legal and operational perspective?

pu_pe  18 hours ago

Sorry but I think it is indeed much easier to have a cloud provider take care of those things. That's partly how we came to the situation we are in: a lot of people outsourced this type of work to Microsoft or AWS, because it was easier.

I get what you are saying, that responsibility is still yours for making the correct choices, and to know what the cloud providers are doing. In the real world though hardly anybody cares, even though we have threats like the CLOUD act in place. So, yeah, people should care but ultimately they often don't.

  • belorn  2 hours ago

    Yes, it is true that no one ever got fired for buying IBM. It is also very common that people just use an AI for reviews and then deal with the fallout if anyone actually calls them on the bluff. Paying fines, if anyone do care, are just part of doing business.

    However in the same way, it doesn't then matter much if you are using the cloud or not. The work needing to copy the output of an AI to fill in the forms takes similar amount of time.