Firewall Wizards mailing list archives

Re: Quote cybersecurity unquote

From: David Lang <david () lang hm>
Date: Tue, 5 Nov 2013 17:38:39 -0800 (PST)

On Tue, 5 Nov 2013, mjr wrote:

Paul D. Robertson wrote:
 I think dedicated security companies testing and remediating is probably
the most likely new model.
Add to that, The Cloud. I finally realized that The Cloud is a good thing.What it means is that those who cannot do IT are going to stop trying. If theycan't do system administration or system operations, they're going to stepaway from the plate and let Amazon or Google or whoever do it. Overall, thisis probably for the best.

unfortunantly you are misinterpreting what they are leaving up to Amazon andGoogle.

They aren't outsourceing the system administration, all they are outsourcing isthe hardware administration.

In the process they are deciding that system administrators aren't needed andjust get in the way. The developers can take over doing everything because it iseasy enough that any developer can get a cloud system online.

This is the same mistake that businesses made about Windows Administration (itlooks easy, we don't need any specialists)



to solve the security problem two additional steps need to take place.

1. Instead of people getting bare VMs to configure, they need to not have accessto the systems, only the applications. There are a few hints of this today(openstack and similar)

2. the 'application definition' needs to not only include what software toinstall, but also what the allowed communications between pieces (and betweenthe application and the outside world) look like. Then the management tools needto implement the network security transparently to the application developers.

In many ways, much of what's going on in cloud computing is a step backwards forsecurity. While cloud computing can make doing upgrades easier for good admins,it also makes it easier to keep running old software without patching it. Lookat how VMWare is pushing their products for the desktop by advertizing thatpeople will be able to keep running Windows XP forever.


David Lang

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Quote cybersecurity unquote Stephen P. Berry (Nov 01)
- Message not available
  - Re: Quote cybersecurity unquote Paul D. Robertson (Nov 05)
    - Re: Quote cybersecurity unquote mjr (Nov 05)
    - Re: Quote cybersecurity unquote David Lang (Nov 06)
    - Re: Quote cybersecurity unquote Marcin Antkiewicz (Nov 06)
    - Re: Quote cybersecurity unquote David Lang (Nov 07)
- Re: Quote cybersecurity unquote Anton Chuvakin (Nov 10)