A large number of sessions, vendor pitches and hallway chatter at the recent RSA conference in San Francisco revolved around "cloud security", everything from securing public cloud environments to securing private cloud virtual machines, and from securing operations and data in the cloud to delivering cloud-based security applications and services. But the common theme appeared to center on that elusive thing called trust.
The suggestion was that, because we've decided to put our information, applications and infrastructures in the hands of cloud providers, we all of a sudden have to worry about trust.
The reality is we've always had to worry about trust. Unfortunately, most businesses have opted to blindly trust in the absence of being able to prove that the trust was, and is still, warranted. Have we all conveniently forgotten about the insider threat?
According to Jason Hoffman of Joyent, "The only way to trust is to remove trust altogether."