OK. No dubious metaphors about clouds and stormy weather. Maybe.
We all know, because we’ve been told so many times, that cloud computing, whatever that is, is going to be the salvation of not only the anti-malware industry, but the rest of the software industry.
NIST (National Institute of Standards and Technology, whose Computer Security Division has a Computer Security Resource Center here) has published a presentation on "Effectively and Securely Using the Cloud Computing Paradigm v20". Interesting: lots about the advantages, not so much about the disadvantages.
For another view, try Bruce Schneier’s essay here: http://www.schneier.com/blog/archives/2009/06/cloud_computing.html: I don’t always agree with Schneier, especially when he dips his toes into malware issues, but his observations on such phenomena as "Security Theater" and "cover your ass security" are usually right on the money. Well, my money.
Talking of Schneier,this months CRYPTO-GRAM newsletter includes a lot of stuff re the Second Interdisciplinary Workshop on Security and Human Behaviour, at MIT. I really wish I could have been there, as that has so much relevance to so much that I’m working on: instead, I’ll have to spend some serious time checking out those notes and links. CRYPTO-GRAM is a hefty chunk of email, and all too often I don’t have time to read it, but it’s never time wasted when I do. If you’re seriously interested in security and don’t know about it, take a look here.
David Harley CISSP FBCS CITIP
Director of Malware Intelligence
Author David Harley, We Live Security