[lug] NoVAD: Protecting Cloud Data

Rob Nagler nagler at bivio.biz
Sun Jul 13 09:24:13 MDT 2014


Dan Ferris writes:
> In all fairness though, Cloud Spaces was using Amazon in the most stupid 
> way possible and several things, like the S3 multifactor delete, IDM 
> accounts/permissions, and bucket versioning would have prevented the 
> problem.

These are excellent points.  We would like to make this part of
NoVAD's message.  Both cloud providers and clients need to participate
in protecting client data.

I'd greatly appreciate you writing this up and adding it to our site:

http://www.novad.club/en/clients.html

It's written in kramdown so very easy to add pages and such:

https://github.com/novadclub/novadclub.github.io

Send a pull request, and I'll be happy to include it.

> I use S3 for backups, and all of our stuff has its own write only IDM 
> account to its own bucket and you have to have a Yubikey to delete anything.

One of the reasons for NoVAD is that the unthinkable does happen, and
that's why it's a dramatic event: virtually assured destruction.
Despite all the safeguards and sophisticated technology, nuclear
reactors have gone critical, and people have died.  Edward Snowden did
really steal a serious number of documents.  Target really had 40M+
credit cards.  These are in other spaces than NoVAD is addressing, but
it is only a matter of time before someone cracks a major SaaS
company.

Consider what would happen if someone did get into your master account
and clicked on the big red button, aka close account and button of
mass destruction?  I don't think that button should exist.  It's a
disaster waiting to happen for any company that relies on the cloud
for its IT infrastructure.  For those who don't know about the button
of mass destruction, read this article:

http://www.viarob.com/my/page/Nuclear_Deterrence_For_Your_Cloud

NoVAD is the layer of protection nobody wants to think about.  It's
what happens if someone gets on the inside.

Rob
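
Added example, not part of the original message or the NoVAD site: a small offline audit of the controls named in the quoted text (a write-only backup account, bucket versioning, MFA delete). The policy documents and the bucket name are constructed samples, the function names are hypothetical, and the versioning dictionary is assumed to have the shape boto3's get_bucket_versioning returns.

```python
import fnmatch

# S3 actions that destroy backups or weaken the protection around them.
DESTRUCTIVE = [
    "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket",
    "s3:PutBucketVersioning", "s3:PutLifecycleConfiguration",
    "s3:PutBucketPolicy",
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM action names are case-insensitive and allow * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def destructive_grants(policy):
    """Destructive actions matched by the policy's Allow statements.

    Deny statements are ignored, so this over-reports rather than under-reports.
    """
    hits = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # Allow + NotAction grants everything not listed
            excluded = _as_list(stmt["NotAction"])
            hits.update(a for a in DESTRUCTIVE if not _matches(a, excluded))
        else:
            allowed = _as_list(stmt.get("Action", []))
            hits.update(a for a in DESTRUCTIVE if _matches(a, allowed))
    return sorted(hits)

def versioning_findings(cfg):
    """Check a bucket versioning configuration for the two delete safeguards."""
    findings = []
    if cfg.get("Status") != "Enabled":
        findings.append("versioning not enabled")  # overwrites by the writer are final
    if cfg.get("MFADelete") != "Enabled":
        findings.append("MFA delete not enabled")
    return findings

# Constructed sample policies for a backup writer.
WRITE_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-backup-bucket/*"}]}
PUT_WILDCARD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:Put*", "Resource": "*"}]}

if __name__ == "__main__":
    print(destructive_grants(WRITE_ONLY), destructive_grants(PUT_WILDCARD))
```

The "s3:Put*" sample shows why a policy that looks write-only still needs checking: the wildcard also covers changing the bucket's versioning, lifecycle and policy settings.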

