Google drops out of Pentagon cloud computing competition

I’ve been in infosec since 93. CISSP, CISM, CEH and currently ISO at a firm with over $22B in assets.

To say the cloud is “just using someone else’s server” is a grand oversimplification that illustrates a lack of comprehension of modern cloud computing.

Smug and ignorant is a bad combination. Maybe that’s why you’re an architect and not an executive.

Bingo. You definitely get it.

Power (generator manufacturing/maintenance/fuel delivery/wiring to the panel, etc). Connectivity. Disaster containment.

No company is an island. Hell, some countries aren’t even islands. The US imports 98% of its CPUs. Having your own servers in your own data center doesn’t protect you from a spiked hardware supply line. (announced last week China was tampering with serverboard chipsets)

In ‘93 I was implementing TEMPEST secure rooms for the Army. In fact, in ‘93 it was the emergency operation center at Ft Leavenworth, KS. I know this for a fact because I was not allowed on the project till my clearance was upgraded. Got my start with Infosec in ‘82 with the military rainbow series.

I have all of those certs and others as well. As for being an Architect, that is one of the roles I fulfill. My actual title is Principal Consultant. My role is “Lead Cyber Security Architect”. The reason I am called an Architect is that I am designing the solutions and offerings for our customers. Additionally, I am the person that bank executives ask to design their security systems, conduct penetration tests, and develop the policies and procedures to keep my customers in compliance. DFS 500, GLBA, AML, FERC/NERC, FFIEC, are all in my wheelhouse. My current active customers have over $1 Trillion in assets under management.

I have been an Executive - didn’t like the politics. Got tired of being told to fire people that were bringing in 120% of their recovery target while other departments were allowed to keep people barely able to sustain a 70% recovery.

Telling the TRUTH is not being smug or ignorant. Cloud remains someone else’s server. There may be cost advantages to using someone else’s server, and there may be technical reasons for using someone else’s server. But at the end of the day, that fact remains. Those that do not account for that simple and starting fact in their designs are setting themselves up for a very bad day. Just as some of our customers have found.

Cloud is not the “end all, be all, solution” that cloud providers pitch to the market. Just like any other technical solution, it has pros and cons. It has pitfalls and rewards. But it is not for the uninformed and those that do not accept the beginning understanding of who owns the server, where that server is located, and what control they exert over that server; are uninformed.

Those that believe “cloud” is a fix for all ills and that “cloud” can do no wrong and no harm, are often shocked when presented evidence of cloud failures.

https://www.readitquik.com/articles/cloud-3/6-cloud-computing-failures-that-shocked-the-world/

https://www.crn.com/slide-shows/cloud/300081477/the-10-biggest-cloud-outages-of-2016-so-far.htm/

The start of any effective security program is physical security. If you can’t prevent access to the server itself, all the other IT controls implemented are at risk. You want to scare the hell out of most legal departments? Ask them under their existing cloud contract, can they PREVENT (not talking about a lawsuit that follows the event) their cloud provider from handing over copies of the hard drives to the courts or police. Most legal departments do not KNOW. Many IT departments would not even know if a copy of the cloud drive had been obtained.

FOX NEWS CRUSHES CNN AND MSNBC IN RATINGS, HAS MORE VIEWERS THAN BOTH NETWORKS COMBINED

http://www.freerepublic.com/focus/f-chat/3695548/posts

— and —

[Note Google’s impact on web traffic]

CNN beats Foxnews in web traffic.

~~~

I wonder how popular this forum would be if Google were unbiased?