Over the past decade most companies have come to accept ongoing security evaluations as a cost of doing business. Companies take pride in the careful evaluation of vendor products and processes done to limit risk. However, the last two months of revelations have shown us that this straightforward approach is no longer enough.
Revelations in 2012 that Google, Microsoft, and other cloud business vendors were providing customer data to the U.S. government’s PRISM program without a warrant1 woke many up to the risks inherent in cloud storage. However, the last few months haven’t been easy reading for companies who avoid cloud storage either.