funsec mailing list archives

Re: All your database (and email) are belong to us ...

From: "Ali, Saqib" <docbook.xml () gmail com>
Date: Sat, 25 Jul 2009 17:45:43 -0700

As long as you trust them, Google can probably keep the systems more secure
than a bunch of random sysadmins who may or may not have training ...


I agree. I trust that a Google Employee, whose sole function is to
maintain the system, will ensure that the system is secure, patched
and up-to-date. It is simply about Reputational risk. Reputational
risk (damage to an organization through loss of its reputation or
standing), can arise as a consequence of operational failures. Every
company understands reputational risk, particularly businesses who
regard their brand as one of their most critical assets. Google is one
of them. They have a reputation to maintain.

Note: I posted the following as a comment to the aforementioned
latimes blogpost, so it may be a repeat for some folks.

NIST just published a working draft of the Cloud Computing Security
presentation. Some of the Security Advantages mentioned in the
presentation are:

   1. Shifting public data to a external cloud reduces the exposure of
the internal sensitive data
   2. Cloud homogeneity makes security auditing/testing simpler
   3. Clouds enable automated security management
   4. Redundancy / Disaster Recovery
   5. Data Fragmentation and Dispersal
   6. Dedicated Security Team
   7. Greater Investment in Security Infrastructure
   8. Fault Tolerance and Reliability
   9. Greater Resiliency
  10. Hypervisor Protection Against Network Attacks
  11. Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
  12. Simplification of Compliance Analysis
  13. Data Held by Unbiased Party (cloud vendor assertion)
  14. Low-Cost Disaster Recovery and Data Storage Solutions
  15. On-Demand Security Controls
  16. Real-Time Detection of System Tampering
  17. Rapid Re-Constitution of Services
  18. Advanced Honeynet Capabilities

I understand that these will depend on the actual implementation. It
usually does for everything. For e.g. you can create world's most
secure cipher, but the poor implementation is usually the weakest
link.

But in theory, if cloud services are implemented properly, I think
NIST's list of advantages hold true.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: All your database (and email) are belong to us ..., (continued)
- Re: All your database (and email) are belong to us ... Jarrod Frates (Jul 29)
- Re: All your database (and email) are belong to us ... chris (Jul 25)
  - Re: All your database (and email) are belong to us ... security curmudgeon (Jul 25)
    - Re: All your database (and email) are belong to us ... chris (Jul 25)
    - Re: All your database (and email) are belong to us ... security curmudgeon (Jul 25)
    - Re: All your database (and email) are belong to us ... chris (Jul 26)
    - Re: All your database (and email) are belong to us ... Young, Keith (Jul 28)
    - Re: All your database (and email) are belong to us ... Ali, Saqib (Aug 14)
    - Re: All your database (and email) are belong to us ... Rich Kulawiec (Jul 27)
  - Re: All your database (and email) are belong to us ... der Mouse (Jul 25)
- Re: All your database (and email) are belong to us ... Ali, Saqib (Aug 14)
  - Re: All your database (and email) are belong to us ... Valdis . Kletnieks (Aug 15)
    - Re: All your database (and email) are belong to us ... Hubbard, Dan (Aug 21)
    - Re: All your database (and email) are belong to us ... Rich Kulawiec (Aug 21)
    - Re: All your database (and email) are belong to us ... Alex Lanstein (Aug 21)
    - Re: All your database (and email) are belong to us ... Young, Keith (Aug 21)