PDP (of gnucitizen fame) masterfully stitched together a collection of mixed metaphors, generalizations, reductions to the ridiculous and pejoratives to produce his opus magnum on cloud computing (in)security titled "The Cloud Is Not That Insecure."
Since I have spent the better part of my security career building large "cloud-like" services and the products that help, at a minimum, to secure them, I feel at least slightly qualified to dispute many of his points, the bulk of which are really focused on purely technology-driven mechanical analogies and platforms rather than items such as the operational, trust, political, jurisdictional, regulatory, organizational and economical issues that really go toward the "security" (or lack thereof) of "cloud-based" service.
Speaking of which, PDP's definition of the cloud is about as abstract as you can get:
cloud computingis quite broad and perhaps it is even a buzword rather than a well-thought term which describes a particular study of the IT field. To me
cloud computingrefers to the process of outsourcing computer cycles and memory keeping scalability in mind."
Well, I'm glad we cleared that up.
At any rate, it's a seriously humorous read that would have me taking apart many of his contradictory assumptions and assertions were it not for the fact that I have actual work to do. So, in the issue of time, I'll offer up his conclusion and you can go back and read the rest:
So, there you have it. Those of you who "know what you are doing" are otay and thanks to security by obscurity due to a lack of trust, cloud computing is secure. That's not confusing at all...
This probably won't end well, but...