Re: Cloud services could bolster national cyber security

[InfoSec News <alerts () infosecnews org>]

Forwarded from: Richard Forno <rforno (at) infowarrior.org>
To: InfoSec News <alerts (at) infosecnews.org>
Cc: Infowarrior List <infowarrior (at) attrition.org>

Umm, yeah, okay.

What happens when you can't reach the cloud?  Mission Fail.

What happens when the cloud provider drops the ball on security or other 
operational requirements? Mission Fail.

What happens when you want to switch cloud providers for a better price? 
Gonna be hard I bet.  Just remember how many organisations didn't switch 
away from Microsoft because "we spent too much on it already" and ended 
up suffering through tons of more-costly infosec and operational 
problems as a result.  Yay, lock-in!

The IT community is so infatuated with the potential benefits of All 
Things Cloud(tm) that it is losing sight of the potential, if not 
probable, real risks associated with it.  It willingly seeks now to lock 
itself into a walled garden environment controlled by a third party that 
perhaps offers greater convenience and cost-savings but at the expense 
of resiliency and a greater control over its ability to function during 
adversity.  Yay, Cloud!  (And yay, warped sense of priorities for 
networks/services allegedly deemed 'critical'.)

Cyber-adveraries are salivating at what the future holds for them in 
Cloud-Based America.  Yay, Cloud!

Mark my words:  the cloud will be uber-awesome, until it breaks or you 
can't reach it.

-- rick
infowarrior.org


On Feb 3, 2011, at 02:51 , InfoSec News wrote:

> http://www.networkworld.com/news/2011/020211-cloud-services-cyber-security.html
>
> By Tim Greene
> Network World
> February 02, 2011 
>
> The shift to cloud computing offers an opportunity to better secure 
> the national digital infrastructure by concentrating the burden of 
> cyber security among a relatively small number of service providers 
> rather than thousands of individual businesses, according to a report 
> by a foreign policy think tank.
>
> "Cloud computing has weaknesses, but it also offers the opportunity to 
> aggregate and automate cyber defense," according to a new report by 
> the Center for Strategic and International Studies. The report, 
> "Cybersecurity Two Years Later," is a follow-up to "Securing 
> Cyberspace for the 44th Presidency," which the group issued in 2008.
>
> "Much of the burden of security will shift from consumers and 
> businesses to service providers that may be better equipped to meet 
> advanced challenges," the new report says. "The move to the cloud is 
> not a silver bullet that will solve all cybersecurity problems, but it 
> is part of a larger move to a more mature infrastructure that includes 
> the automation of security practices and monitoring -- such as the 
> Security Content Automation Protocol (SCAP) -- particularly if we find 
> a better way for service providers to work more effectively with 
> government agencies."
>
> In the two years since the foreign-policy think tank issued its first 
> report the Obama administration has fallen short of implementing 
> measures that would protect the U.S. from cyber attacks, the new 
> report says.
>
> [...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/