Scott Sanchez Cloud Blog

Scott Sanchez

Subscribe to Scott Sanchez: eMailAlertsEmail Alerts
Get Scott Sanchez: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Scott Sanchez

Cloud isn’t secure because it is multi-tenant.  This is a weak argument that I’m tired of hearing. Here’s my short and sweet rebuttal to that position. >> Your internal data centers are multi-tenant today, and you aren’t managing them as well as a public cloud is managed. I can hear you going “Huh?”. Yeah.  Unless you are a three letter agency or one of a handful of super paranoid (or regulated) commercial organizations, your data center is multi-tenant today.  You have gaping holes opened so business partners can come in and help you make money, employees coming in from ‘dirty’ networks like their house, the airport, Starbucks, etc., vendors that service your applications and systems come in (physically and virtually), and who knows what else goes on. How well do you control, isolate and manage each one of those additional tenants?  Do you think it is 1/2 as good... (more)

Super High-End Hardware for Commodity Public Iaas? You're Doing It Wrong

In the past few weeks I’ve run across a number of people building both public clouds that plan on using the highest end hardware possible.  The fastest processors, IO, memory, SSD’s, infiniband, redundant everything, high end SAN hardware, etc.  My reaction every time is… “why???”. There seems to be a growing concern by some people just entering the public IaaS cloud business that they won’t be able to differentiate themselves on price or features with the AWS’s of the world.  So rather than looking at other ways to get in to the cloud business beyond IaaS or trying to different... (more)

Ten Observations from Cloud Expo NYC

This week I attended the Cloud Expo in New York City.  It was pretty well attended and I gave my “how cloud computing improves security” talk on both Tuesday and Wednesday to a total audience of probably 150 people.  Here is a top ten list of observations made and things that I learned during the conference, in no particular order.  Disclaimer: This is my personal opinion, as is everything on this blog and on my twitter, and does not necessarily reflect the opinion or position of anyone else, especially that of my employer. 1) There were far more “customers” at this show than th... (more)

Top Threat For Cloud Computing: Security Cluelessness

In a previous post I discussed my opinion on why SaaS is the most secure option right now, better than PaaS and IaaS.  The short version is that because security is forced on you at all layers, and that super smart security people are responsible for that security, so the security you get with SaaS is “best” right now. So why is cluelessness the biggest threat for cloud?  Because the tens of thousands of IT workers who bear some kind of security responsibility inside of IT shops around the world are now fiddling with cloud computing.  If not already, then “soon”, many of these ... (more)

Invest 15% of Cloud Savings in Security

There is a talk that I've given a few times with very good response - "How Cloud Computing -Improves- Security".  We go in to detail on all the areas where cloud providers have (or should have) gone the extra mile relative to the datacenter a customer runs in-house, and how with a solid partnership with your provider - a cloud can be more secure than what you have in-house.  One of the things we discuss during that talk is how users of cloud need to be prepared to spend more on security and compliance to get the level of comfort and risk management they are used to. The number I... (more)