I think the 3 fundamental problems with the Cloud are: 1. We don't control the CODE (service provider-owned apps might be sharing our data), 2. We don't control the INFRASTRUCTURE (admins have access to our data), 3. We don't control the AVAILABILITY (we might get cut off).
-
-
Do we control the hardware, though, and does inspecting the code make much sense if you cannot inspect the hardware? It makes *some* sense, but depends on threat model?
-
That falls under #2 (infra), doesn't it?
-
Ah, ok. I thought #2 was more narrowly scoped.
-
In the same vein #1 (code) means: the entirety of the service/app, incl. configs, which has been created and is being managed by the service provider. Where service provider (e.g. Fitbit) is usually a different entity than the party controlling/ owning the infra (e.g. AWS).
End of conversation
New conversation -
-
-
Would moving to self-hosting on a cloud provider like AWS help? It obviously wouldn’t stop someone from accessing your data if they wanted to, but neither will code audits (unless you use client-side encryption.)
-
Yeah, it'd solve #1. Except no one has resources to maintain all those apps and services... That's why we have all those 3rd party service providers, whose only job is to maintain all these apps...
-
...so, rather than getting rid of them, we need some forms of remote... attestation of what they have deployed. (And yes, I'm using this in a broader meaning than mere TCG/SGX remote attestation).
-
But the path towards doing that could flow through something like “publish an AMI (or Docker image) and provide a SIMPLE means for people to provision it on the hosting provider of their choice.”
-
All the other attestation stuff is only worth a damn once you have cloud services wrapped up in easily auditable containers. And tackling that first part (with revenue and subscription services included) seems like its a single, re-usable technical task.
- 1 more reply
New conversation -
-
-
@Beaker started Cloud Audit about 10 years ago, but it seems to have fizzed out. Ahead of its time I reckon. More customer pressure needed.https://cloudsecurityalliance.org/working-groups/cloudaudit/#_overview …Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
I belive we should be beyond this conversation if we as humans demand open dialect in democratic but moreover 'free" soieties, which should be glaring if not for the utter lack of knowledge the masses have on this.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Another issue is in cross jurisdiction storage of information in particular personal data and regulatory requirements arising.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
How far back in the supply chain do you want to go? If you run your own servers, or even rely upon trusted hardware, there is still a limit, unless you fabricate your own CPUs, motherboards, firmware etc. Serious question though: where is the acceptable limit to the trust chain?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Given the complexity of today's software stacks, I think (comprehensively) auditing cloud software is out of the question.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
This is overly optimistic idea. First of all, admin of hypervisor still can access VMs. And, hardware platform ensuring they can't is reportedly broken. Besides all this, hardware platform running majority of current cloud is side-channel attack friendly as 2018 proved so far.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Ad 1: You control the code running on your Intel CPU? Ad 2: In any large organisation, this is the case. It can be resolved using trust, contracts, audits. Ad 3: This is the case anyways: ISPs and hosting providers can cut you off as well.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
This is the fundamental point for me. It's really a question of visibility and trust. A lot of organisations see your listed problems as opportunities because they have visibility of how poor their in-house capabilities are. However they do need assurance CSPs deliver on claims.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.