Security at cloud providers not getting better because of government regulation

The Politico article "Biden admin's cloud security problem: 'It could take down the Internet like a stack of dominos'" argues that large cloud providers such as Amazon AWS, Microsoft Azure and Google GCP are too big to fail and that the U.S. government wants to regulate cloud provider security.

In recent years, many organizations have migrated their IT systems to large cloud providers. As a result, the collapse of these cloud providers - and the consequent failure of a range of government and corporate IT services - would cause enormous damage. A damage similar, or even greater, than that of the too big to fail banks.

A legitimate concern. The question, however, is how to manage this risk. The article on Politico argues that cloud servers have not proven as secure as government officials had hoped. It is unclear what this shows and what the expectations were. It is also unclear whether the alternative, bringing back in-house IT facilities, would lead to higher security.

I would venture to doubt that. By comparison, banks also sometimes have their money stolen by criminals. But is it better to keep your money in your mattress at home? Given the state of IT systems in the government, I would expect IT and security at cloud vendors to be in much better shape.

That hackers from countries like Russia use cloud servers from companies like Amazon and Microsoft as a springboard for attacks on other targets is nothing new and has little to do with the above. As a platform for attacks, the cloud is well suited. But that is independent of where the targets are located.

This entry was posted on Friday 17 March 2023