I think the last sentence "So it's less a matter of where the data is or where the computer is, but do you trust the people you are buying hardware, software or services from - that's the real issue and that hasn't changed." is the most telling, but I think it's also incorrect. I think we've entered an era where we do not (cannot?) trust vendors, etc. Or, more importantly, if we do and they burn us, we may still be just as liable, even if the contract says they'll do the right things.

To that end, I depart from your table... I think we've truly reached a point where firewalls+SSL are inadequate. I think we really need end-to-end data encryption - and that means encryption and key mgmt solutions, not just SSL.


Andre Gironda

Google also thinks the cloud is more than a big mainframe.

You can see that they are trading towards real "innovation" in appdev for "innovation only through virtualization" in IT. I've got my money on appdev.


@Ben "I think we've entered an era where we do not (cannot?) trust vendors, etc."

I'll go back to Brian Snow's question - if we cannot trust, how can we safely use?


@Andre Google also supports SAML and OAuth, which are two fundamentally new security protocols that underscore the difference in relationships in the cloud versus mainframe, meaning traversing namespaces and factoring in IdP-RP relationships.


I think this just illustrates a disconnect in understanding (or defining) what exactly "cloud" means.

Every new technology that comes around adds complexity, both in raw terms but also in how it actually works.

And every time this happens, we have very competent people who may just be behind the curve in understanding what the hell it is and how it works. This causes a huge amount of churn in IT where the old guard is very quickly overlapped by new pups. This carries over to security too.

It doesn't help when media and marketing bastardize 'cloud' so much that many of us just have to give up and wait for it to shake out to have a chance at keeping up with the 20 definitions.

Even last year's stuff is still hard. How many network guys know the implications of a listening Web Service? And vice versa? But that will never mean network security goes away, because it all still runs on top of what we've used for 5, 10, 25 years. The end result is like a wound with an overly thick layer of bandages on it, but the wound still lingers and makes us gimpy.
