« Jaquith: Data-Centric Security Requires Devolution, Not a Revolution | Main | Virtualization: An Excuse for Shitty Operating System Software Support »

January 06, 2009

Cloud (in)Security: A Matter of (t)Rust

Skyfalling-angled Alan from the VirtualDC blog wrote a great post today titled "Cloud Security: A New Level of Trust" summarizing some of his thoughts regarding Cloud (in)security.

It's a little depressing because that "new level" of trust he's referring to isn't heightened, it's significantly reduced.  I'll hack his longer post a bit to extract two interesting and relevant nuggets that focus on the notion of this changing nature of trust:

  1. Security has different meanings and requirements depending on the context of how a particular service is accessed or invoked.
  2. So moving forward, as the security people tear apart the (in)security of cloud computing, the rest of the world will just need to take that leap of trust. A lowering of our standards for what we can control in the cloud’s outsourced data model.

In simply closing our eyes, holding our breath and accepting that in the name of utility, agility, flexibility, and economy, we're ignoring many of the lessons we've learned over the years, we are repeating the same mistakes and magically expecting they will yield a different outcome.

I'll refer back to one of my favorite axioms:
Secconven
We're willing to give up and awful lot for the sake of convenience, don't you think.  Look, I accept the innovation and ultimate goodness that will come out of this new world order, really I do.  Heck, I use many of these services. 

I also see how this new suite of adapted services are beginning to break down in the face of new threats, use cases and risk models by a cross-pollinated generation of anonymized users that simply do not care about things like privacy or security -- until it affects them personally.  Then they're outraged.  Then the next day, they're back to posting about how drunk they were at the orgy they attended last night (but they use SSL, so it's cool...)

So for me, security and the cloud is really a matter of RUST, not trust: the corrosion of expectations, requirements, controls and the relaxation of common sense and diligence for the sake of "progress."

Same as it ever was, same as it ever was...

/Hoff

Posted at 04:16 PM in Cloud Computing, Cloud Security |

Tags: Chris Hoff, Christofer Hoff, Cloud, Cloud Computing, Cloud Security, CloudSec, Rational Security, Rational Survivability, Trust, VirtualDC Blog

Comments

My Photo

About

Disclaimer

  • The views and opinions expressed here are those of Christofer Hoff only and in no way represent the views, positions or opinions - expressed or implied - of my employer or anyone else.

Archives

More...

Subscribe to this blog's feed

Recent Posts

Recent Comments

Categories

May 2009

Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31