I wanted to share a fascinating conversation I had with a couple of participants I met at the INTEROP New York conference yesterday. We were comparing company business requirements for Internet security. Although our conversation wasn't specifically centered around cloud, these would all certainly apply to cloud implementations. What is interesting to me are the variety of business reasons for the security concerns.
A world wide religious organization needs to protect identity and privacy of communications with employees and members in countries around the world. In some countries, possession of religious content that is different from a country’s official religion can lead to arrest and even threats to life.
A large chip manufacturer has design and engineering in the US, and fabrication and testing in China. Transporting multi-gigabyte data streams such as test results take 3 days, partially due to two nosy intelligence agencies carefully perusing unrecognized data that is in proprietary, unfamiliar formats.
A global software company is subject to European privacy laws, and thus has very stringent rules about what customer data can be collected and how it can be stored. This affects the third party cloud services that can be contracted by business units, and a conversation with IT is needed to screen potential services.
What interesting security requirements have you heard about in other companies? Please share!