You must be living under a rock if you think the cloud isn't secure enough for the enterprise.
The “cloud”, or Commercial offerings in storage, VMs, etc are reasonably “secure” in a very general context these days, that is generally true.
OTOH “cloud” AI (commercial inference) is going to use your data for training, incorporating your business processes and domain specific competencies into its innate capabilities, which could eventually impact your value proposition. Empirically, this will happen, eventually, regardless of the user agreement that you signed.
Leakage of proprietary competencies is what is meant by being insecure, in this context.
Second, “cloud isn't secure enough for the enterprise” should be replaced with “enterprise actually cares about security except as a cost/benefit analysis”.
Sending your data to someone else’s data center is a really good way for your data to potentially end up on someone else’s computer. In fact, it’s pretty much the point. If security was the priority, they wouldn’t do that.
Empirically we know that the data is the most valuable input to cloud services, and eventually it will be used, regardless of the user agreement. When the stored data becomes worth more than the company, it will be eaten and stripped by vulture capital. Law of the jungle, baby.
Just one of the later examples of a very long list of cloud data breaches affecting millions of users. But hey who cares as long as it does not affect your own bottom line.
Any fintech (and these can afford smart people) is building with defense in depth, encrypting everything with their own keys, using ephemeral credentials (eg issued by hashicorp vault), etc, etc.
You're seemingly applying your own experience with cloud-based storage, like Dropbox, to the enterprise cloud-based infrastructure.
I don't feel like I should spend any time laying out my professional experience with these environments, I guess you could just skim through one of the books and watch a couple hours long video explaining layers of the leading "cloud" offerings.
And yes, eventually the breach will happen. Like it happens on premise all the time. 2014 Sony and 2020 Solar Winds are good examples.
Let's agree to disagree, I really don't want to spend any more time on this, I know how a good solution (passing multiple audits and pentests) looks like, you however have your opinion. I'm not going to fight you :)
Take care!
Such a bizarre interpretation considering we still use SMS
