When you're on prem you only have to worry about your own employees opening sketchy PDFs. When you're not, you have to worry about everyone in your supply chain opening sketchy PDFs.
Nevermind the fact that the next time a major world conflict occurs, the big 4 cloud providers will probably be destroyed, taking about 90% of the western economy with it.
> When you're on prem you only have to worry about your own employees opening sketchy PDFs
This is just plain wrong. When you’re on prem you have to worry about configuring all of your hardware and software correctly yourself. Your firewalls, your SSH server(s), off site backup systems, hardware failures, software patching, access points to your network – the list goes on. Some of these are true for cloud services as well.
They are just different trade-offs. Sometimes on prem makes sense, and sometimes cloud services make sense. You can’t say that security is less of a concern in one of them.
> Nevermind the fact that the next time a major world conflict occurs, the big 4 cloud providers will probably be destroyed, taking about 90% of the western economy with it.
And it somehow does _not_ take your on prem system with it? Even though cloud providers are spread across the whole world, and your on prem system is most likely in one, single location?
> When you're not, you have to worry about everyone in your supply chain opening sketchy PDFs.
That's absolutely not correct. Besides, I have more respect for the security and operations procedures for AWS, GCP and Azure than I do for 99% of startups running their own infrastructure.
But my primary point is that you seem to be arguing that being on prem is inherently more secure, and more importantly, being in the cloud made LastPass less secure, despite the fact that the breach vector in this case would have been equally effective regardless of whether they were in cloud or on prem.
It doesn't matter how secure 4 providers are. There are only 4. OpSec won't stop a submarine from bombing underwater fiber. OpSec won't stop a missile heading for the data center. The strategic importance of our consolidated infrastructure WILL be a paramount target for any enemy of the west.
On-prem business is a diversified attack vector. Cloud storage is a consolidated attack vector. Would Russia rather attack 100,000 small diverse targets, or one enormous target with 1,000,000s of customers?
If your goal is to avoid downtime in case of nuclear war, you could use a managed distributed database solution from a cloud provider.
Also, attacks against 'on-prem' services still scale, in the sense that an exploit against a service's code can be used on any number of independent deployments of that code.
The solution to that is to actively avoid monoculture. [0]
If your primary concern is global thermonuclear war, then like other commenters have said, I think we'll have much more important things to worry about.
Yeah, but it's not the SaaS/big 4 that has a developer log in locally as admin, who gets owned, and then is not segmented sufficiently to stop the spread; it's the scrappy startup.
And I say this while working at a scrappy startup where there is no segmentation, everyone browses in a browser with sudo, etc. See Piriform and others.
Your hate of cloud is not wrong, but on prem is not necessarily more secure. Not at all. (IMO layers of abstraction and cost once you actually scale are the real negatives.)
You don't need to destroy the cloud providers. Missile hits on the major interconnection (interchange? peering?) nodes in each major country and most of the companies and people are offline. Or hit the power plants, see Ukraine.