What exactly is he right about? China hasn't done anything that you can't do on a local WiFi connection. They grab the connection and put a self-signed cert to it. Security is still intact. The only way this hurts anyone is if they blindly trust all certificates, in which case they're screwed anyways.
I agree. The cloud isn't new. VPN's have existed for ever as well as client-mainframe.
The perception that the cloud is somehow re-invented is in fact the saddening thing. It's just more accessible and faster than in the fast, but ultimately you can't manage infrastructure by abdication and farming it out.
There's always an uneasy balance between security and convenience.
My client would never allow their source code to be hosted in the cloud either. There's really no point fighting them on this, since they employ security and legal teams for just this purpose. The external marketing partner is not going to trump that. Ever. And there's nothing wrong with this.
There's always a precarious balance between security and convenience.
The customers own their code. They have been around longer for more oscillations between the "cloud" and bare metal than most people who have an opinion on it.
They're forward thinking enough to not embrace the cloud, or bare metal, and instead are exploring hybrid cloud technology that can run on a combination, and more importantly, move dev ops between different environments.
One reality is many people who blindly think it's ok to put everything on in the cloud, don't always know of the reality of liability, or have a relationship with any codebase and the associated IP for more than a few years.