« Reconcile This | Main | Pervasive Cluelessness in Infrastructure Infosec »


Mark O'Neill

Good article. Personally I find that when people say "How can we trust the Cloud?", they are missing the point. The real question is "How can I leverage a Cloud service provider even if I don't trust them, and actually will never trust them". So, though you rightly mention that SSL is part of yesterday's solution, there is an analogy in that SSL was all about overlaying security on an untrusted system (i.e. you may not trust your ISP or indeed your own network admins, but when you use SSL you mitigate against this). So, as you say, it's not about "a magic way to trust the Cloud".


No joke, EVERY discussion I had with vendors regarding cloud identity was followed by the vendor being acquired shortly afterward. Someone's reading my mail (Google?). I'm talking Verisign, Tricipher, Arcot, and others.


@Slonob - what do you have against Arcsight, McAfee, and Fortify? ;-P agree, its been a crazy year for security acquisitions and that's an understatement

The comments to this entry are closed.