
My Talk at Google - qubitsam
https://www.schneier.com/blog/archives/2013/06/my_talk_at_goog.html
======
gulfie
Re : auditing cloud providers / higher security or assurance infrastructure.

1) If you bring enough money to the table, you can get them to let you in the
doors and look at whatever you might want.

2) Rackspace ( [http://www.rackspace.com/blog/compliance-standards-and-
regul...](http://www.rackspace.com/blog/compliance-standards-and-regulations-
that-keep-the-cloud-secure/) ) (and others) currently hold audit
certifications and will sometimes show the certification reports. Some things
to look for: SSAE16 SOC 1,2,3 (type 1 and 2) , PCI/DSS , ISO 27001, etc.

3) AWS is setting up a .gov region. I'm guessing that this will have a higher
security bar than the rest of the regions.

4) google is rumored to have a Fort Meade presence, I would guess that the
average googler wouldn't be allowed to use that infrastructure.

5) Rather than renting from a single cloud, for higher security installations
someone like Booze Allen Hamilton would help you build out and run a more
custom solution rather than take a share of a pooled resource.

------
asveikau
I know the content of the video itself is very interesting, but I have to make
this tangential comment:

Is it me or do people who were born in Brooklyn in the 50s and 60s have cool
accents? Richard Stallman for example has a very similar accent.

------
Create
All Watched Over by Machines of Loving Grace

[http://www.bbc.co.uk/programmes/b011k45f](http://www.bbc.co.uk/programmes/b011k45f)

------
znowi
Great talk. Loved it. Bruce is an insightful, engaging speaker. I come to like
him even more :)

