[lug] Why is it SO easy to destroy cloud environments?

[Rob Nagler]

Jim, I can't make your talk.

I would be curious for you to answer this question: What's the use of
this command?

juju destroy-environment

While I understand if you are "playing around", it's really useful to
tear down your toy environments quickly.  However, in ANY production
environment, there is no good reason for this command to exist.

Linode, Amazon, and a variety of out cloud providers all allow you to
cancel your account with a few clicks of your mouse, and possibly a
password, and an "are you sure?"

Perhaps I'm naive, but I have a hard time believing most people's
environments are so secure that no one could ever walk up to a
sysadmin's computer and shutdown the entire show with "juju
destroy-environment".

I've asked Linode why they have this, and they say it is convenient,
and with IP restrictions and such, you have enough protection.

If you read We Are Anonymous, you will know that script kiddies (which
is all the anons were, after all), could bring down major players
quite simply.  All it took for Sony, for example, was one buggy
WordPress site (Ghostbusters) to allow the anons to infiltrate the
entire Sony network.  Sony was down for a few weeks, but it had
offline backups and such, and afaik, the anons didn't trash anything,
just copied emails, coupons, and source code.  The reason Sony was
down was to put in better security measures.

What happens to the average cloud-based business which relies on their
VMs being backed up by said cloud providers?  Indeed, how would you
backup your EC2 locally if you only know how to use juju and the web
console for your computers?  What if a hacker social engineers one of
your employees or blackmails them?

Sorry, for the rant, but all this talk about the ease of cloud
deployments makes me very nervous that some bad boy can take down
major portions of our economy with a few clicks...

Rob