[lug] Why is it SO easy to destroy cloud environments?

Rob Nagler nagler at bivio.biz
Thu Oct 18 12:51:58 MDT 2012


On Thu, Oct 18, 2012 at 11:48 AM, David L. Anselmi wrote:
> As a user of the environment you figure out how to avoid doing that or recover when it happens.

I don't think that's always possible, or these days, remotely feasible
in most situations.  Nothing would get done if you had to verify
every third-party facility used by your business.  This is called
"friction" in economic terms.  I don't verify that ext3 will work
properly.  I have to trust it and the process by which it is
maintained and distributed.

More important, most people don't have the capability to verify most
of the facilities they use.  This was the lesson Brian Reid was trying
to impart.  Microsoft, for example, is responsible for the DLL and
Registry designs.  The technology was known to be poorly designed at
the time it was introduced, and Microsoft ignored that feedback.
99.9% of the users can't know any of this, nor do they have the
capabilities to understand it.

Nobody can solve the cloud security problem except the technologists
who implement it.  My goal is to raise awareness about the problem.

Bear Giles wrote:
> it might not be that they don't care but that they've looked at it and haven't found anything that's actually useful

It is insufficient to say this.  On the original firewalls list, it
made sense to deploy firewalls.  Those that didn't acted as attack
vectors for the rest of the internet.  At the time, not many people
were interested in firewalls.  Now, like anti-virus software, it is
considered irresponsible not to use them.

Our job as technologists is to do the best we can given the
constraints of our situation.  Cloud providers could, for example,
provide a one-way switch to turn off "cancel account" and/or "destroy
instances".  They could also provide backups which are permanent after
accounts are canceled.  These would be fee-based insurance policies.
It's great that Linode provides an IP whitelist to the management
console.  And, as I noted, I have to trust them that their corporate
security is handled appropriately.  If they get cracked, I lose, but
if they do expose a permanent offsite backup mechanism, I (and they)
have some chance of recovering from an internal breach.

Security and availability will always be at odds, but we have to be
aware of this natural tension.  Platforms should allow technologists
to choose between these poles.  Linux clearly does this, and I see no
reason that cloud providers can't as well.

Rob
