On Mon, 12 Aug 2013, Johann Kruse wrote:

> In fact this is already the case *now* in many large environments, and
> probably most cloud providers (I define cloud in this case as the large
> public SaaS/IaaS/PaaS providers like Google, Microsoft and Amazon).
>
> Services run in layers - facilities, hardware, Hypervisor, OS,
> Application, Data, etc. Each layer has its own admin (team that is, not
> individual) with no permissions to other layers.

I think that people who are informed on this subject will agree in general terms on how one would go about limiting the damage using current techniques. In my view many organisations are paying lip service to these principles. Few are doing it well.

The problem is siloing well is both complex and expensive and you only need to get it a little bit wrong for it to fail catastrophically.

This is the problem - attempting to contain information using current techniques is an unstable equilibrium point. Month after month, year after year the systems get more complex and they interact in ever more complex ways. As a result the information gets harder and harder to contain with each passing year. I'm not surprised with the leaks we're seeing.

This is why I advocate a fundamental rethink of how information is contained. Note the last line of my sig. That is in my sig all the time - it isn't specific to this thread.

Cheers,

Rob

--
Email: [email protected]
Linux counter ID #16440
IRC: Solver (OFTC & Freenode)
Web: http://www.pracops.com
Director, Software in the Public Interest (http://spi-inc.org/)
Information is a gas

_______________________________________________
Link mailing list
[email protected]
http://mailman.anu.edu.au/mailman/listinfo/link
