One of the areas we've been looking at is how much of our commodity services we can outsource. Student email is an obvious one (and we're dong that from September), but what about staff mail, file storage. Everything comes with a risk, and these have to be analysed and assessed and a decision taken. One of the criticisms often thrown at us is that we can appear to be risk averse. I'm a great believer in taking risks, as long as they have been carefully assessed and the consequences of the risk materialising or not are fully understood.
The company Twitter took a risk when it started up by using Google for email and storing their corporate data with them in the cloud. I don't know how carefully they assessed the risk, what security measures they should put in place, and and the possible damage that could be done to the company if that data somehow got out, but they might be wishing they'd looked a bit closer at it now.
A french hacker announced yesterday that he'd managed to get hold of hundreds of confidential documents, apparently by using password recovery techniques (ie guessing the answers to key questions and having the paswords mailed to an address of his choosing). The technology blog Techcrunch has got hold of this information and is in the process of publishing parts of it. There's a row going on about how ethical it is for this information to be published, but alongside that, and more relevant to us, questions are being asked about just how secure cloud computing is. There's no question that Google's servers were hacked, just that Twitter employees did not have very secure passwords or password recovery questions.
It's an issue we will have to deal with carefully as we make decisions about whether to make more use of the cloud and what for. It all goes back to the main security weakspot in any system being people!
EDIT: If you're interested in how that hack worked (and it was relatively simple), Techcrunch have published it here. Makes sobering reading for those of who use a lot of web apps and struggle to remember passwords.