On 7/19/15 5:25 PM, Troy Benjegerdes wrote:
> On Tue, Jul 14, 2015 at 11:52:03AM -0400, dan@geer.org wrote:
> > Discussing security policy post-OPM debacle in a setting to which
> > I have access (sorry to be oblique), it was said by a CxO "We have
> > to prepare for the day when no software we depend on is run on
> > premises."
> >
> > I did not handle this well (think sputtering as an alternative to
> > white rage).  At the same time, I am probably in a bubble in that
> > I suspect that nearly everyone I see with a computer (of any form
> > factor) is already in that situation or, save for Javascript piped
> > in from the cloud to run locally, soon will be -- denizens of this
> > list and a few others excepted.
> >
> > Echoing Lenin echoing Chernyshevsky, "What is to be done?" or,
> > perhaps, "Is anything to be done?"
> >
> > --dan
>
> The same thing we did in the old days.
>
> Install an IBM mainframe.
>
> https://www.techwire.net/the-mainframe-lives-on-an-industry-perspective/
>
> The only place the 'cloud' makes sense is if you are Amazon or Google
> and you want to sell your excess computing capacity to suckers who can't
> afford to buy their own computers.
>
> If you actually do capacity planning and maybe do something like apply
> modern devops to mainframe platforms, you can actually get some economies
> of scale running your mainframe on-site.
>
> It will probably cost less than what that CxO's got paid under-the-table
> in a rigged altcoin pump-and-dump orchestrated by the cloud service
> provider.

Traditional corporate onsite compute, storage, network, security, software (Oracle etc.) is almost always extremely expensive.  While a raw hard drive may be inexpensive, if you buy it in an EMC or mainframe storage array, you are going to pay many multiples more per GB, compute minute, etc.  And, if you bought anything more than you actually use, you're being very wasteful.  Parts of the cloud revolution are rapid just-in-time purchase, deployment, change, new scalable methods, etc., but economically, it is often tremendously less expensive than a commercial solution plus the support staff to make it work.  In the most efficient traditional local deployment possible, this may not be true initially, but for the vast majority of mediocre corporate IT departments, it is very true.

If you are large and/or savvy enough, the thing to do is to borrow cloud system methods and run a cloud for yourself.  Currently, that's not completely easy or turnkey.  At some point, we should get to a clean utility computing model, but it will take a few more generations of evolution.

sdw