Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: Quote cybersecurity unquote
From: David Lang <david () lang hm>
Date: Tue, 5 Nov 2013 17:38:39 -0800 (PST)

On Tue, 5 Nov 2013, mjr wrote:

Paul D. Robertson wrote:
 I think dedicated security companies testing and remediating is probably
the most likely new model.

Add to that, The Cloud. I finally realized that The Cloud is a good thing. What it means is that those who cannot do IT are going to stop trying. If they can't do system administration or system operations, they're going to step away from the plate and let Amazon or Google or whoever do it. Overall, this is probably for the best.

unfortunantly you are misinterpreting what they are leaving up to Amazon and Google.

They aren't outsourceing the system administration, all they are outsourcing is the hardware administration.

In the process they are deciding that system administrators aren't needed and just get in the way. The developers can take over doing everything because it is easy enough that any developer can get a cloud system online.

This is the same mistake that businesses made about Windows Administration (it looks easy, we don't need any specialists)

to solve the security problem two additional steps need to take place.

1. Instead of people getting bare VMs to configure, they need to not have access to the systems, only the applications. There are a few hints of this today (openstack and similar)

2. the 'application definition' needs to not only include what software to install, but also what the allowed communications between pieces (and between the application and the outside world) look like. Then the management tools need to implement the network security transparently to the application developers.

In many ways, much of what's going on in cloud computing is a step backwards for security. While cloud computing can make doing upgrades easier for good admins, it also makes it easier to keep running old software without patching it. Look at how VMWare is pushing their products for the desktop by advertizing that people will be able to keep running Windows XP forever.

David Lang

firewall-wizards mailing list
firewall-wizards () listserv icsalabs com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]