« Reconcile This | Main | Pervasive Cluelessness in Infrastructure Infosec »

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451c75869e20134884b1ffa970c

Listed below are links to weblogs that reference Don't Trust. And Verify.:

Comments

Mark O'Neill

Good article. Personally I find that when people say "How can we trust the Cloud?", they are missing the point. The real question is "How can I leverage a Cloud service provider even if I don't trust them, and actually will never trust them". So, though you rightly mention that SSL is part of yesterday's solution, there is an analogy in that SSL was all about overlaying security on an untrusted system (i.e. you may not trust your ISP or indeed your own network admins, but when you use SSL you mitigate against this). So, as you say, it's not about "a magic way to trust the Cloud".

Slonob

No joke, EVERY discussion I had with vendors regarding cloud identity was followed by the vendor being acquired shortly afterward. Someone's reading my mail (Google?). I'm talking Verisign, Tricipher, Arcot, and others.

Gunnar

@Slonob - what do you have against Arcsight, McAfee, and Fortify? ;-P agree, its been a crazy year for security acquisitions and that's an understatement

The comments to this entry are closed.