Microsoft last week lost a potential European customer for its cloud-based Microsoft Office 365 product over concerns about the Patriot Act allowing U.S. government access to to private data. UK defense contractor BAE Systems said they’d changed plans on advice of their lawyers. Smart lawyers.

If we have to rely on lawyers for data security advice, we’re in real trouble.

Frankly I think the US Government and the Patriot Act would be the least of their problems.  If a defense contractor put their data on a public cloud service it would be an open invitation to Iran, North Korea, China, and others to try to steal it.

It boggles my mind that BAE even thought about putting their data in the cloud, yet stories quoting company officials show they were about to pull the trigger.

In many industries — but especially defense — there must be absolute data security.  They traditionally have had a rigorous process to control where data is kept, how it is kept, how it is accessed, who can access it, etc.  I am troubled by the notion of a major defense contractor letting an external service store their data and have them access it across the public Internet.

How much were they really saving?  How much were they really risking?

Along the same lines there’s the supposed cyber attack on the Springfield, IL water system.  Officially they have stated that nothing happened.  Okay, fine.  But this, too, begs the question: why are utility control systems even accessible from the Internet?

I appreciate the value of being able to call an engineer, have him/her access the system from home, and help fix a problem.  There might be a few legitimate reasons to make critical internal systems accessible from the Internet.  However if you choose allow the connection, then: (1) you need use the best security tools to manage the connection, and; (2) you need to monitor the connection and be able to sever it at the first sign of trouble. That didn’t appear to happen in Springfield

These are both examples of a generational gap in experience.  By laying off all the older engineers and IT experts, industry has created an experience gap in its technology work force and bonehead moves are taking place as a result.  Someone at BAE had no clue it might be a bad idea to put their data on the cloud.

How stupid was that?