You are posting a comment about...
Cloud Computing: Trust but Verify
The rush to cloud computing has brought about amazing new services, but, without adequate vendor monitoring, businesses may be building digital supply chain risks that will show up later when cost and market pressures are felt by cloud vendors. We can learn from business processing outsourcing experiences.
The New York Times reports today a $280K+ OSHA fine against a Hershey’s chocolate packing plant in Pennsylvania. The fine was for injuries and safety violations at the plant over four years. The plant is owned by Hershey’s and used for packing Reese’s cups, Kit-Kat bars and Hershey’s Kisses. Its operations had been outsourced to another firm, Exel. Exel in turn outsourced labor to a temporary help firm that employed, among others, international student labor. This is the kind of violation that could have been avoided if Hershey’s had monitored that plant’s operations and Exel’s results during the four years.
Monitoring is critical to digital outsourcing and cloud computing. NIST Special Publication 800-144 (“Guidelines on Security and Privacy in Public Cloud Computing”, December, 2011) is the best and most current written document on how to maintain security and trust, while benefiting from new public cloud services.