Comments on: The cloud is a powder keg

By: The cloud is a powder keg | Igniting Startups - nPost

The cloud is a powder keg | Igniting Startups - nPost — Fri, 09 Oct 2009 17:49:10 +0000

[...] From cdixon.org [...]

By: kellan

kellan — Mon, 05 Oct 2009 17:33:30 +0000

My mind immediately went to the money under the mattress metaphor as well. Banks have centralized the risk, and yet we still use them, for a combination of efficiency and security. In a world where everyone rolled their own security, home break ins would sky rocket.

And lets be clear, right now with technology startups 95% of them are in the hiding the money under the mattress stage. It's is only that much of the data is less liquid/desirable then money that has kept the relative rate of break in so low.

Security is something that you should never roll your own. You can get this by following best practices diligently, and ceaseless vigilance on your own hardware (I wonder if we could quantify "ceaseless" in terms of person/hour impact on a startup), or you can outsource it to the cloud.

By: Prateek

Prateek — Mon, 05 Oct 2009 13:07:02 +0000

Disclosure: I work for a SaaS project management tool called Remindo.com.

Being a SaaS provider myself, I agree with the Salesforce position that you can at best get better shotguns and better alarm bells, nevertheless dismissing security concerns seems like a bad idea to me. We have tried to fortify ourselves by using AWS and VeriSign SSL, this does ensure that there won't be data loss but frankly everyone knows that no security measure can be 100% failproof. And as far as internal threats(rogue employees etc) are concerned, its like asking bank employees why they won't steal money from your accounts. The business of the bank depends on the fact that it won't ever happen

By: kellan

kellan — Mon, 05 Oct 2009 10:33:30 +0000

By: Prateek

Prateek — Mon, 05 Oct 2009 06:07:02 +0000

By: chris dixon

chris dixon — Sun, 04 Oct 2009 14:16:30 +0000

This is why the attacker always has the advantage in security – all you need is one weak link for them to exploit.

By: chris dixon

chris dixon — Sun, 04 Oct 2009 14:15:42 +0000

I agree your average SaaS vendor has better security than their average client. I'm just really doubt that outweighs the Sutton rule. Salesforce has one of the juiciest data sets in existence. They better guard that like Fort Knox. Their website says they use SSL and have a firewall. Not reassuring.

By: chris dixon

chris dixon — Sun, 04 Oct 2009 14:13:38 +0000

Well, with SaaS you now have an additional point of attack – in addition to the SaaS datacenter you can still put a keyboard logger on the client machine to get data. I agree however that long term SaaS vendors will deal with this better. Hence my investment in a technology I think will help them.

By: Kevin

Kevin — Sun, 04 Oct 2009 13:54:33 +0000

Along the same line of thinking… I wonder about the security of so-called “mash-up” apps. Let's say you have a HR SaaS app that mashes up with a payroll SaaS app that mashes up with Salesforce, etc. Is there the potential for one of these SaaS apps to be the weak link in the chain and allow access into the others? I don't know the answer, I'm just posing the question as these types of scenarios become more prevalent.

By: ShanaC

ShanaC — Sun, 04 Oct 2009 13:26:18 +0000

Somehow I get the feeling from the Art of War that all you would have to do in a highly centralized system is draw the person out and then wiplash them with a lot of very indirect pinpoint attacks before hitting them with a full brunt.

If you are saying that cloud storage is better because now we are walled- even the mightiest stone walls are at peril to water over time.