THIS:
“People who say put everything into the cloud have never met a highly regulated customer.”
VMware CEO Pat Gelsinger and graphical-browser-inventor-turned-venture-capitalist Marc Andreessen have engaged in a feisty debate at Vmworld 2013, during which the pair clashed on a number of topics. Speaking in a session titled “The Data Center is Dead, Long Live the Data Center”, Andreessen asserted that no-one in their …
I would add paranoid situationally aware customer to that.
Our business sector isn't really regulated, but a lot of our output itself is and our internal processes/competitive advantages would be too vulnerable in 'the cloud'. I'm sure there are many other businesses who simply can't afford a breach of security and/or the inability to internally manage that risk.
If something goes terribly wrong I want the responsible party where I can get at them in person. People with vested interests in their work, not a cog in an industrial machine*.
*Not a knock on the cogs of industrial machines, personnel portability/modularity just isn't suitable for all business.
Sorry, but I have to totally disagree Andreesen. Security is entirely dependent upon the people you employ to protect you or your data and with the cloud you have outsourced your data and your security and not only do you not know what you are really getting you don't know what you are not getting either. Try to run a physical security audit on AWS or ECS and see how far you get.
Encryption is going to help and should become standard but again it is only as good as the people used to deploy it and in the cloud they could be anyone.
Additionally, encrypting incoming and outgoing traffic is well and good, but unencrypted data at rest/inside the cloud provider is still at risk from provider personnel and depends on regular physical/logical access security of the cloud data center anyway.
Waving "encryption" around as a magical solution is just PR.
"Speaking in a session titled “The Data Center is Dead, Long Live the Data Center”, Andreeseen asserted that no-one in their right mind buys so much as a single server these days. “Startups no longer have any capital expenditure budget, other than the cost of some laptops, and they're always Macs,” he said. This arrangement works just fine because everything a business needs is available in the cloud."
No one buys a single server? So the cloud runs on? iPads? That is one of the most stupid comments ever. Up there with any one of Ballmers bloopers.
Startups? Yes every company in the world is a start up. There are no mature businesses anymore. As for Macs...I've been using laptops since 1998 exclusively and I have never had a Mac, not have I ever ordered a Mac in my role as an IT manager.
Everything a business needs is available in the cloud...yeah...huge risk, third party messing around, regulatory issues, crap support, security issues, OUTAGES THAT YOU HAVE NO CONTROL OVER etc etc.
He then goes on about security. At this point Marc's credibility is shot to pieces, Little thinking that this could get worse he says he's funded some company that does encryption. Wow. No really Marc...wow! Not withstanding that this is only for in and out data and not encrypted within the cloud (hey...the cloud company can read all our data! What larks!), I suspect that any one of the intelligence agencies can happily break that encryption if they need to. To say that encryption is the only aspect of security is laughable...and even more laughable is that he actually talks about internal threats...
"Internal environments are riddled with holes, malware and Chinese hackers"
Well isn't a cloud company running a fucking data centre (sorry...but my question above about hosting cloud environments involving iPads was rhetorical) still an internal environment?
I'd say Gelsinger was off his game to let this shit go by so easily.
I've found it's best to spout bullshit on stage where people cant really argue and you can always claim you were misquoted. Look at politicians, they say absolutely insane stuff at rallies but you'll never get them to sign a statement verifilying they said it :)
But they fail to realise
1) Realtime encryption is process intensive, doesn't matter if its hardware based, it still has an overhead and latency cost
2) Encrypted data in a database is very difficult and slow to query against
Add these things together and data warehousing becomes slow and almost impossible - hence another reason companies choose to do it themselves!
Marc represents so much of why the VC industry is hurting the economy. First off, he worships the cloud, which is simply old-fashioned time-sharing reborn on networked machines, using OSs not designed for time-sharing. VMWare only exists, and is so needed, because Windows-type systems don't have the isolation capabilities that old systems like TOPS-20 and MVS/XA had. But then Marcs too young to remember any of that.
Likewise, by assuming that everyone uses Mac laptops, he confuses what might be the most common option in his millieu (rich, fashionable people) with the more diverse broader world. Hey Marc, how do you configure that WiFi access point that your Ethernet-less Mac (oh gee, the Ethernet jack is too wide for the sleep look that St. Steve wanted) depends on? Guess what -- somebody else has a Windows laptop with Ethernet!
So he's funding fads that bubble gamblers like (well, that's how he made his money) and ignoring the big world of niche markets, useful products that people really need, where real profits are made.