On 7/19/15 5:25 PM, Troy Benjegerdes wrote: On Tue, Jul 14, 2015 at 11:52:03AM -0400, [1]dan@geer.org wrote: Discussing security policy post-OPM debacle in a setting to which I have access (sorry to be oblique), it was said by a CxO "We have to prepare for the day when no software we depend on is run on premises." I did not handle this well (think sputtering as an alternative to white rage). At the same time, I am probably in a bubble in that I suspect that nearly everyone I see with a computer (of any form factor) is already in that situation or, save for Javascript piped in from the cloud to run locally, soon will be -- denizens of this list and a few others excepted. Echoing Lenin echoing Chernyshevsky, "What is to be done?" or, perhaps, "Is anything to be done?" --dan The same thing we did in the old days. Install an IBM mainframe. [2]https://www.techwire.net/the-mainframe-lives-on-an-industry-perspective/ The only place the 'cloud' makes sense is if you are Amazon or Google and you want to sell your excess computing capacity to suckers who can't afford to buy their own computers. If you actually do capacity planning and maybe do something like apply modern devops to mainframe platforms, you can actually get some economies of scale running your mainframe on-site. It will probably cost less than what that CxO's got paid under-the-table in a rigged altcoin pump-and-dump orchestrated by the cloud service provider. Traditional corporate onsite compute, storage, network, security, software (Oracle etc.) is almost always extremely expensive. While a raw hard drive may be inexpensive, if you buy it in an EMC or mainframe storage array, you are going to pay many multiples more per GB, compute minute, etc. And, if you bought anything more than you actually use, you're being very wasteful. Parts of the cloud revolution are rapid just in time purchase, deployment, change, new scalable methods, etc., but economically, it is often tremendously less expensive than a commercial solution plus the support staff to make it work. In the most efficient traditional local deployment possible, this may not be true initially, but for the vast majority of mediocre corporate IT departments, it is very true. If you are large and/or savvy enough, the thing to do is to borrow cloud system methods and run a cloud for yourself. Currently, that's not completely easy or turnkey. At some point, we should get to a clean utility computing model, but it will take a few more generations of evolution. sdw References 1. mailto:dan@geer.org 2. https://www.techwire.net/the-mainframe-lives-on-an-industry-perspective/