Security in the Cloud, by Bruce Schneier: http://www.schneier.com/blog/archives/2006/02/security_in_the.html
Should security be at the endpoints or built in to the core of the Internet? Yes, says Bruce Schneier. "Defense in depth", the concept of overlapping and non-contiguous security systems, is gained on the internet by putting security in both the endpoints *and* the midpoints. "This kind of layered security is precisely what we're seeing develop. Traditionally, security was implemented at the endpoints, because that's what the user controlled. An organization had no choice but to put its firewalls, IDSs, and anti-virus software inside its network. Today, with the rise of managed security services and other outsourced network services, additional security can be provided inside the cloud." "Security in the cloud is a good addition, but it's not a replacement for more traditional network and desktop security." He also includes a link to an opposing viewpoint. That's cool. The article is a light on technical details, but heavy on rational thinking. -todd -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
