Firewall Wizards mailing list archives
Re: Quote cybersecurity unquote
From: David Lang <david () lang hm>
Date: Tue, 5 Nov 2013 17:38:39 -0800 (PST)
On Tue, 5 Nov 2013, mjr wrote:
Paul D. Robertson wrote:I think dedicated security companies testing and remediating is probablythe most likely new model.Add to that, The Cloud. I finally realized that The Cloud is a good thing. What it means is that those who cannot do IT are going to stop trying. If they can't do system administration or system operations, they're going to step away from the plate and let Amazon or Google or whoever do it. Overall, this is probably for the best.
unfortunantly you are misinterpreting what they are leaving up to Amazon and Google.
They aren't outsourceing the system administration, all they are outsourcing is the hardware administration.
In the process they are deciding that system administrators aren't needed and just get in the way. The developers can take over doing everything because it is easy enough that any developer can get a cloud system online.
This is the same mistake that businesses made about Windows Administration (it looks easy, we don't need any specialists)
to solve the security problem two additional steps need to take place.1. Instead of people getting bare VMs to configure, they need to not have access to the systems, only the applications. There are a few hints of this today (openstack and similar)
2. the 'application definition' needs to not only include what software to install, but also what the allowed communications between pieces (and between the application and the outside world) look like. Then the management tools need to implement the network security transparently to the application developers.
In many ways, much of what's going on in cloud computing is a step backwards for security. While cloud computing can make doing upgrades easier for good admins, it also makes it easier to keep running old software without patching it. Look at how VMWare is pushing their products for the desktop by advertizing that people will be able to keep running Windows XP forever.
David Lang _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Quote cybersecurity unquote Stephen P. Berry (Nov 01)
- Message not available
- Re: Quote cybersecurity unquote Paul D. Robertson (Nov 05)
- Re: Quote cybersecurity unquote mjr (Nov 05)
- Re: Quote cybersecurity unquote David Lang (Nov 06)
- Re: Quote cybersecurity unquote Marcin Antkiewicz (Nov 06)
- Re: Quote cybersecurity unquote David Lang (Nov 07)
- Re: Quote cybersecurity unquote Paul D. Robertson (Nov 05)
- Message not available