

Hoff's poem bemoaning security in the cloud - mjmoody383
http://rationalsecurity.typepad.com/blog/2008/10/cloud-computing-security-in-poetic-review.html
A nice little diddy on the prospects of security and risk within this industry push towards cloud computing-
======
lsc
physical access is root access... I don't think renting virtual servers (what
you are doing with ec2, at least) is inherently any less secure than renting a
physical server. Either way, if I am the provider, and I am willing to do
unethical things to your server, I can.

Virtualization makes this slightly easier, but it's certainly possible on
physical servers. If you are co-locating your own hardware, I only need to
fake one crash to give myself root. If you are renting a server, well, it's
easy enough to trojan the image I give you.

Like most of the 'cloud computing' hype, these problems have been around for a
while. 'cloud computing' seems an awful lot like 'what we have been doing all
along, only faster and in a standard manner' Not that it's not awesome, but
I'm just saying that the problems are not new.

(unless you mean application-level cloud computing like google app engine.
that's something different, with different concerns. I was speaking of 'quick
provisioning' clouds, or 'utility computing' like amazon ec2)

