Home > Cloud Computing, Cloud Security, Jackassery, Virtualization > PDP Says “The Cloud Is Not That Insecure” & Implies Security Concerns Are Trivial…

PDP Says “The Cloud Is Not That Insecure” & Implies Security Concerns Are Trivial…

November 21st, 2008 Leave a comment Go to comments

Nosethumb-angled
I haven't been whipped into this much of a frenzy since Hormel changed the labels on the SPAM cans in Hawaii.

PDP (of gnucitizen fame) masterfully stitched together a collection of mixed metaphors, generalizations, reductions to the ridiculous and pejoratives to produce his opus magnum on cloud computing (in)security titled "The Cloud Is Not That Insecure."

Oh.

Since I have spent the better part of my security career building large "cloud-like" services and the products that help, at a minimum, to secure them, I feel at least slightly qualified to dispute many of his points, the bulk of which are really focused on purely technology-driven mechanical analogies and platforms rather than items such as the operational, trust, political, jurisdictional, regulatory, organizational and economical issues that really go toward the "security" (or lack thereof) of "cloud-based" service.

Speaking of which, PDP's definition of the cloud is about as abstract as you can get:

"Cloud technologies are in fact no different than non-cloud technologies. Practically they are the same. I mean the term cloud computing
is quite broad and perhaps it is even a buzword rather than a
well-thought term which describes a particular study of the IT field.
To me cloud computing refers to the process of outsourcing computer cycles and memory keeping scalability in mind."

Well, I'm glad we cleared that up.

At any rate, it's a seriously humorous read that would have me taking apart many of his contradictory assumptions and assertions were it not for the fact that I have actual work to do.  So, in the issue of time, I'll offer up his conclusion and you can go back and read the rest:

So, is the cloud secure? I would say yes if you know what you are
doing. A couple of posts back I mentioned that cloud security matters.
It still does. Cloud technologies are quite secure because we tend not
to trust them.
However, because cloud computing can be quite confusing,
you still need to spend time in making sure that all the blocks fit
together nicely.

So, there you have it.  Those of you who "know what you are doing" are otay and thanks to security by obscurity due to a lack of trust, cloud computing is secure.  That's not confusing at all…

This probably won't end well, but…

Sigh.

/Hoff

  1. No comments yet.
  1. No trackbacks yet.