Folks,
Hello. I hope this finds you doing well. Let me begin by saying that we are slated to make a small announcement today or tomorrow, and this post is NOT that announcement. That should likely follow in a few hours, or tomorrow.
Our Cloud/Modernization Strategy - We Impose ZERO TRUST in the Cloud
In this post, I wanted to take a few moments to share our Cloud/Modernization strategy.
There appears to be a narrative in the world, likely funded by the world's many Cloud Computing companies, that every organization ought to consider and implement a Cloud/Modernization strategy, or risk getting left technologically behind.
At the core of this narrative appears to be a strong (but inaccurate) message that the Cloud is inherently more trustworthy and cost-effective to use than the traditional computing systems that most of the world's organizations operate on today.
A closer look reveals that such narratives/their core principles seem to emanate from and be delivered to a global audience via guidance from government organizations tasked with promoting "American innovation and industrial competitiveness", published in the form of high-level guidance, which American cloud computing companies seize the opportunity to quote.
It also seems that such narratives/initiatives seem to provide certain vendors of operating systems and hosting providers (, mostly American Corporations,) a golden opportunity to additionally have their entire global organizational customer base now also pay them, on a recurring basis, for a host of new computing and cyber security services built, marketed and labelled as the 'Cloud.'
To further worsen the situation, it appears that some of these vendors seem to invest billions of dollars in sophisticated marketing strategies, to not only get some of these initiatives to become part of American Government policy, but also to convince/persuade the "C-Suite" at their global organizational customer base, to transition assets over to their Cloud.
Little do these hapless organizational customers from across the world seem to realize that whilst embracing these new services marketed as the Cloud may sound rosy and secure, in reality, it requires (involves) them to basically relinquish* operational control (autonomy) and privacy, and take on an eternal dependency on an external third-party.
* The moment an organization transitions its primary identities into the Cloud is the moment it loses its operational autonomy.
The world's organizations and their shareholders may want to contrast this with the undeniable fact that the alternative, i.e. operating on traditional computing systems upon which the world has been successfully operating for years now, does NOT require organizations to relinquish their operational autonomy, privacy or security, i.e. give up their sovereignty.
It appears that this paramount fact, one that directly impacts the security, autonomy and sovereignty of every organization, and in the case of governments, also impacts national sovereignty and national security, is astonishingly overlooked!
The Cloud is a No-Starter for Us
It likely cannot be stated any simpler than someone already has - "The Cloud is just someone else's computer."
The world ought to understand, in no uncertain terms, that the moment you put your assets onto someone else's computer, they are no longer, either private OR solely yours. They can be accessed by, copied, modified and destroyed by ANYONE who has ADMINISTRATIVE or sufficient access to that computer, or anyone who could gain UNAUTHORIZED access to it, including 1000s of the Cloud provider's personnel (, whose identities/computers too could be compromised and misused.)
Further, because these Cloud providers are starting to be used by thousands of organizations, they themselves are now MASSIVE targets for highly proficient, and often state-funded adversaries, and their compromise could easily cascade.
Finally, when you use an Identity Provider (IDP), you must understand that that IDP now knows exactly who you are, where you are, what you are logging on to, and what you are accessing. In other words, you have no privacy left. None.
For starters, for that reason to begin with, the Cloud is a no-starter for us.
Concluding Thoughts
My time is very valuable so I will not spend more time on this. Time permitting, I may pen another blog post in the future with sufficient (concrete) technical details, but for now, this is all I wish to say, and have time to say regarding the Cloud.
Let me be very clear - we are perfectly capable of offering the most technologically advanced services in the Cloud as well, but since it is conceptually a no-starter for us, we do not invest time or resources to build and offer Cloud based services.
In short, at Paramount Defenses, we literally impose zero trust in the Cloud, and since we know how to operate a secure IT environment, we do NOT rely on anyone i.e. any Cloud provider to operate our internal organizational IT infrastructure.
As a result, we fully retain our operational autonomy, organizational privacy and cyber security.
That's all I have to say about it. As a well-wisher, I encourage the entire world to consider the perspective shared above.
Thanks,
Sanjay
No comments:
Post a Comment