It’s the annual Black Hat event where you listen to presentations, and my takeaway is “we’re screwed”.

I’m listening to the cloud security thread and my first takeaway is that we’re pretty much plopping our on-premises server mindset up into the cloud and we are not reinventing the security we need, especially in the SMB world. We need more identity management and PKI, and in SMB we freak over how often BPOS passwords require you to change them (and as an aside, that’s adjustable — all you need to do is open a trouble ticket and ask them to change that). We’re looking to move our existing applications to the cloud and not designing them and building them for the cloud.

We keep hearing the headlines about how much cheaper it is, how much better it is, and no one is asking us if we’ve pulled out a threat model and looked at what risks we’re going to face and what changes we need to make.

Don’t worry, this excessive paranoia will wear off a bit and I’ll go back to normal paranoia by next week. But for now I’m sharpening my Dixon Ticonderoga and will be using a No. 2 pencil rather than a computer until I feel safe again.

3 Thoughts on "We're screwed"

  1. Joe Raby on July 30, 2010 at 1:57 pm said:

    Kidding! Big Brother is watching over your shoulder, so be sure to cover up those PINpads. 😉

  2. Dean on July 30, 2010 at 6:33 pm said:

    I wish people would drop this CLOUD nomenclature and call it what we used to call it a year ago. The Internet. That’s where the security problems are no matter what you are doing on it. The Internet was not designed with security in mind (ironic since it was designed for the military) and until we get Internet 3 (Internet 2 is already in use) with built-in security, it never will be secure or safe.

  3. Joe Raby on July 30, 2010 at 10:21 pm said:

    The only way that the Internet will be secure is if the commercialization of data exchange becomes unprofitable. Unfortunately, that’ll never happen.

