[Infowarrior] - [ISN] Cloud services could bolster national cyber security

[Richard Forno]

Umm, yeah, okay.

What happens when you can't reach the cloud?  Mission Fail.

What happens when the cloud provider drops the ball on security or other operational requirements? Mission Fail.

What happens when you want to switch cloud providers for a better price? Gonna be hard I bet.  Just remember how many organisations didn't switch away from Microsoft because "we spent too much on it already" and ended up suffering through tons of more-costly infosec and operational problems as a result.  Yay, lock-in!

The IT community is so infatuated with the potential benefits of All Things Cloud(tm) that it is losing sight of the potential, if not probable, real risks associated with it.  It willingly seeks now to lock itself into a walled garden environment controlled by a third party that perhaps offers greater convenience and cost-savings but at the expense of resiliency and a greater control over its ability to function during adversity.  Yay, Cloud!     (And yay, warped sense of priorities for networks/services allegedly deemed 'critical'.)

Cyber-adveraries are salivating at what the future holds for them in Cloud-Based America.   Yay, Cloud!

Mark my words:  the cloud will be uber-awesome, until it breaks or you can't reach it.

-- rick
infowarrior.org

On Feb 3, 2011, at 02:51 , InfoSec News wrote:

> http://www.networkworld.com/news/2011/020211-cloud-services-cyber-security.html
> 
> By Tim Greene
> Network World
> February 02, 2011 
> 
> The shift to cloud computing offers an opportunity to better secure the 
> national digital infrastructure by concentrating the burden of cyber 
> security among a relatively small number of service providers rather 
> than thousands of individual businesses, according to a report by a 
> foreign policy think tank.
> 
> "Cloud computing has weaknesses, but it also offers the opportunity to 
> aggregate and automate cyber defense," according to a new report by the 
> Center for Strategic and International Studies. The report, 
> "Cybersecurity Two Years Later," is a follow-up to "Securing Cyberspace 
> for the 44th Presidency," which the group issued in 2008.
> 
> "Much of the burden of security will shift from consumers and businesses 
> to service providers that may be better equipped to meet advanced 
> challenges," the new report says. "The move to the cloud is not a silver 
> bullet that will solve all cybersecurity problems, but it is part of a 
> larger move to a more mature infrastructure that includes the automation 
> of security practices and monitoring -- such as the Security Content 
> Automation Protocol (SCAP) -- particularly if we find a better way for 
> service providers to work more effectively with government agencies."
> 
> In the two years since the foreign-policy think tank issued its first 
> report the Obama administration has fallen short of implementing 
> measures that would protect the U.S. from cyber attacks, the new report 
> says.
> 
> [...]