It’s the annual Black Hat event where you listen to presentations and my takeaway is “we’re screwed”.
I’m listening to the cloud security thread and my first takeaway is that we’re pretty much plopping our on-premises server mindset up into the cloud and we are not reinventing the security we need. Especially in the SMB world. We need more identity management and PKI, and in SMB we freak over how often BPOS passwords require you to change them (and as an aside that’s adjustable — all you need to do is open a trouble ticket and ask them to change that). We’re looking to move our existing applications to the cloud and not designing them and building them for the cloud.
We keep hearing the headlines about how much cheaper it is, how much better it is, and no one is asking us if we’ve pulled out a threat model and looked at what risks we’re going to face and what changes we need to make.
Don’t worry, this excessive paranoia will wear off a bit and I’ll go back to normal paranoia by next week. But for now I’m sharpening my Dixon Ticonderoga and will be using a No. 2 pencil rather than a computer until I feel safe again.