And neither should anyone else. Cloud computing offers big savings but without better authentication of users (including use of DNSSEC) it is folly to rely on the cloud for anything that is critical or private.
The Network World article by Tim Greene can be found here:
The former National Security Agency technical director told the RSA Conference he doesn't trust cloud services and bluntly admonished vendors for leaving software vulnerabilities unpatched sometimes for years.
Speaking for himself and not the agency, Brian Snow says that cloud infrastructure can deliver services that customers can access securely, but the shared nature of the cloud leaves doubts about attack channels through other users in the cloud. "You don't know what else is cuddling up next to it," he says.
Even the most secure cloud platform in the world, such as Google's, has been compromised by lack of user authentication. That is how Twitter was victimized. Improving our infrastructure is not all rocket science.
Comments