As you know I follow Bruce Schneier and his newsletter I highly recommend.
Of interest to me in the Crypto-Gram Bruce discussed:
Obama’s Cybersecurity Speech
Cloud Computing
In Obama’s Cybersecurity Speech he announced that the country’s disparate efforts to “deter, prevent, detect and defend” against cyber attacks would now be run out of the White House. That makes me wonder why and how when we already have the Pentagon, the National Security Agency, the Homeland Security Department and other agencies over the conduct of defensive and offensive cyberoperations. Why not utilize the existing departments more effectively? Inject the fund necessary and pass the laws necessary to help the existing departments share information?
Cloud Computing, as Bruce points out, isn’t a new concept at all. When a computer is within your network infrastructure, you can defend it with other security systems such as Cisco firewalls and Intrusion Prevention Systems, IDS and IPS. As we all know with any outsourcing model, whether it be cloud computing or hosted services etc you can’t. You have to trust your outsource completely. You not only have to trust the outsourcers security, but its reliability, availability, disaster recovery, and its business continuity. Perhaps full scale cloud will really on help out the small business man or the large company testing technology on a smaller scale. But what happens if you lose your Internet connection..