I have been trying to spread a specific storyline about cloud since I cooked it up for my BSidesLV presentation “2011: A Cloud Odyssey”.
Now, each time I present at another conference, several people come up and ask me for a copy of Cloud Odyssey and more insight into what I see as the core security issues for cloud.
So, soon I will post the 12M PDF of the 165-slide epic. It lacks all the animation and such, but perhaps it will still be handy as a reference to those who attended.
And here is my abridged take on the amazing opportunity that lies before us. My father’s generation of engineers focused on the Space Race — to put an astronaut on the moon. Overcoming the risk of space travel became a national obsession.
The cloud industry for my generation has brought to my mind several parallels to the space race. We stand at the edge of developing new and better ways to safely launch workloads into a high-risk environment. This is really just the beginning of the hyper environment. Those with lesser-value assets at risk may have been able to launch first, just like Sputnik had no pilot. The real test is to put our highest-value assets in a container that enables not only survival in cloud but also supports advanced procedures.
Kubrick’s movies pointed to serious downsides to centralized trust and automation. We are unlikely to prove this wrong. In fact, as I pointed out at BSidesLV, I did not pay Richard Bejtlich any money or prompt him to tweet like he was United States Air Force Brigadier General Jack D. Ripper during my Dr. Stuxlove presentation at BSidesSF. I could not have planned a better reaction. He fell into that all on his own and probably never realized the amazing irony.
My next several presentations (RSA Europe, RSA Beijing, ISACA SF) will draw on the space race parallel story in more detail. I will explain how to best reduce risk before you launch into the cloud and/or how to avoid the HAL effect once you are there.