Nor anywhere else for that matter

Phil Windley has this interesting post on Cloud Security. There are a lot of good thoughts here, but this one stood out:

Host intrusion detection systems (HIDS) work fine on cloud infrastructure, but are hard to do at higher levels of the stack. Network intrusion detection systems (NIDS) are impossible to do at most providers. The traditional notion of “perimeter” is not necessarily available in the cloud.

Nor anywhere else for that matter, I would add. No notion is more irrelevant today than perimeter security, yet it continues to be the cornerstone of many organizations' strategy. I always suggest keeping the perimeter in place but securing everything behind it as if it doesn’t exist.

