mailing list archives
Re: Quote cybersecurity unquote
From: David Lang <david () lang hm>
Date: Tue, 5 Nov 2013 17:38:39 -0800 (PST)
On Tue, 5 Nov 2013, mjr wrote:
Paul D. Robertson wrote:
I think dedicated security companies testing and remediating is probably
the most likely new model.
Add to that, The Cloud. I finally realized that The Cloud is a good thing.
What it means is that those who cannot do IT are going to stop trying. If they
can't do system administration or system operations, they're going to step
away from the plate and let Amazon or Google or whoever do it. Overall, this
is probably for the best.
unfortunantly you are misinterpreting what they are leaving up to Amazon and
They aren't outsourceing the system administration, all they are outsourcing is
the hardware administration.
In the process they are deciding that system administrators aren't needed and
just get in the way. The developers can take over doing everything because it is
easy enough that any developer can get a cloud system online.
This is the same mistake that businesses made about Windows Administration (it
looks easy, we don't need any specialists)
to solve the security problem two additional steps need to take place.
1. Instead of people getting bare VMs to configure, they need to not have access
to the systems, only the applications. There are a few hints of this today
(openstack and similar)
2. the 'application definition' needs to not only include what software to
install, but also what the allowed communications between pieces (and between
the application and the outside world) look like. Then the management tools need
to implement the network security transparently to the application developers.
In many ways, much of what's going on in cloud computing is a step backwards for
security. While cloud computing can make doing upgrades easier for good admins,
it also makes it easier to keep running old software without patching it. Look
at how VMWare is pushing their products for the desktop by advertizing that
people will be able to keep running Windows XP forever.
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
Re: Quote cybersecurity unquote Anton Chuvakin (Nov 10)