Everyone is answering this like a bunch of IT folks. It really comes down to a risk/cost/reward issue. What I the (increased) risk of being ‘hacked’ on the cloud vs what in a lot of cases is an outsourced IT department (not really much different than a cloud IMO) and what is the perceived cost of any data breach – vs the increased cost of hosting the application vs the cloud.
Basically we in IT look at it as an absolute of which is better, but upper management – the folks with the purse strings – look at it from a cost accounting perspective. For some, the data stored in an ITSM suite system (custom apps aside – which is where BMC (or should I say Baine Capital) has shoved them) isn’t more than a mechanism to process service desk calls. In effect, unless we’re storing PII in the system (SSNs, etc) is there really a financial risk with the ITSM system being hacked. Now I know the next statement would probably be that the CMDB contains information on other systems within the environment that does contain that type of information, but then it would require that information to contain information on how to access those other systems. I might be a bit naïve here, but I really don’t see (in most instances) where upper management would find the risk to exceed the savings. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Rick Cook Sent: Wednesday, June 15, 2016 7:29 PM To: arslist@ARSLIST.ORG Subject: Re: Question - Service Now ** Amazon has already been hacked at least once. I know of one DoD RoD customer that hosts their own instance for security reasons. Rick On Jun 15, 2016 16:10, "Joe D'Souza" <jdso...@shyle.net <mailto:jdso...@shyle.net> > wrote: ** I think it mostly comes down to the answer to this question – would you be ok to let a valet drive and park an expensive car or motorcycle you own or would you want to do it yourself. Would you trust that valet to tell you after he has parked it if he accidentally dinked it or hit a huge pot hole if that dink or damage is not easily visible? If so maybe you are the kind of person for who services like the cloud would work quite well with if functionally it offers you everything else you have been looking for. Personally I do not think that services that host cloud based services publicly acknowledge their service was compromised in the odd event it was unless it was quite obvious it has been to the end customer which can sort of be a disturbing thought. There may or may not be a threat or a breach every month.. Maybe every week. Maybe even every day. I honestly do not think they would upfront about such incidents when and if it occurs unless it was quite fatal. It could mean a risk to their business and they would not want that. Joe _____ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG <mailto:arslist@ARSLIST.ORG> ] On Behalf Of Pierson, Shawn Sent: Wednesday, June 15, 2016 8:49 AM To: arslist@ARSLIST.ORG <mailto:arslist@ARSLIST.ORG> Subject: Re: Question - Service Now Just to play devil’s advocate, theoretically someone whose business depends on their internet-facing servers being trusted is going to likely spend more money on security than a company that sells widgets as their primarily line of business and views I.T. security as just an expense. I don’t know who hosts Service Now or BMC’s cloud servers, but I’d expect that they probably take it very seriously. Things can definitely slip through but if we’re all deploying MyIT and such to give people access to Remedy via their smartphones and tablets off the network, it’s really a question of whose cybersecurity you trust more. Thanks, Shawn Pierson Remedy Developer | Energy Transfer From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG <mailto:arslist@ARSLIST.ORG> ] On Behalf Of Joe D'Souza Sent: Tuesday, June 14, 2016 8:28 PM To: arslist@ARSLIST.ORG <mailto:arslist@ARSLIST.ORG> Subject: Re: Question - Service Now ** Exactly – but I would like to add its as safe as someone else’s computer who gives access to some of his trusted associates facing the internet. So once out there, it is as safe as any other “shared” resource with “limited public access” on the internet is. Whether you like it or not, that exposes the system to a few more vulnerabilities than a system that is internal and intranet facing. So whether it is ServiceNOW’s cloud or any other, it is the one risk you need to assume before investing in it. Joe _____ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Rod Harris Sent: Tuesday, June 14, 2016 8:44 PM To: arslist@ARSLIST.ORG <mailto:arslist@ARSLIST.ORG> Subject: Re: Question - Service Now ** If only I had a like button. Yes, cloud does seem to be a bit of a buzzword that you have distilled nicely with that T-shirt slogan. Thanks JDHood. On 15 June 2016 at 10:35, JD Hood <hood...@gmail.com <mailto:hood...@gmail.com> > wrote: ** It may be a T-Shirt slogan, but it's relevant nonetheless: "...There is no "Cloud" - It's just someone else's computer..." -JDHood On Tue, Jun 14, 2016 at 8:19 PM, Joe D'Souza <jdso...@shyle.net <mailto:jdso...@shyle.net> > wrote: ** I do recall hearing rumors it was – not sure how long time ago. But take that information with a grain of salt as I do not know much details of what I had heard. ServiceNOW is primarily a system hosted on the cloud so is as vulnerable or strong as any other system on the cloud. So IMHO if security of your data is one of your top concerns, the cloud may not be the best place for you to be at. However strong the security, there is always a loophole to be found for someone who has the intent to find one. While this is true for systems hosted internally too, at least the vulnerability of the system isn’t exposed to the world if your system isn’t internet facing. Joe _____ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG <mailto:arslist@ARSLIST.ORG> ] On Behalf Of Sanford, Claire Sent: Tuesday, June 14, 2016 3:17 PM To: arslist@ARSLIST.ORG <mailto:arslist@ARSLIST.ORG> Subject: Question - Service Now Does anyone know if Service Now has ever had their servers (with customer’s data) ever been hacked? _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ Private and confidential as detailed here <http://www.energytransfer.com/mail_disclaimer.aspx> . If you cannot access hyperlink, please e-mail sender. _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
