Yes, it is like the easiest way to get someones password is to just ask them for it. Surprising how many people will give it to you once you have their trust.
On Thu, Feb 26, 2015 at 8:57 AM, Tom Rutter <therut...@gmail.com> wrote: > +1 for Greg. > > This reminds me of a time we pranked the *head security guy* at a company > I worked for and easily convinced him to give us some private details like > his home address, car rego and so on. > > > On Wed, Feb 25, 2015 at 8:32 PM, Greg Low (博士低格雷格) <g...@greglow.com> > wrote: > >> I do find it amusing when I hear these stories though, where companies >> think the data is safer or more secure or more private on premises than >> somewhere like Azure. >> >> >> >> On their worst day the Azure guys will do a better job of this stuff than >> any company I’ve walked in to, and I’ve been to a lot. I see what people do >> in the real world and it isn’t pretty. >> >> >> >> But even in terms of intrusion, does anyone really think the company that >> they work for will do a better job of detecting intrusion than one of these >> datacentres? >> >> >> >> Or alternately, they are assuming that their own datacentres will be more >> bullet-proof when it comes to intruders. Lots of luck with that. >> >> >> >> In the future, I suspect that the tables will turn completely. The >> required standards for privacy and security will likely be raised >> significantly, and these datacentres will be the first places to meet the >> requirements. >> >> >> >> Regards, >> >> >> >> Greg >> >> >> >> Dr Greg Low >> >> >> >> 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 >> fax >> >> SQL Down Under | Web: www.sqldownunder.com >> >> >> >> *From:* ozdotnet-boun...@ozdotnet.com [mailto: >> ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Andrew Tobin >> *Sent:* Wednesday, 25 February 2015 4:30 PM >> *To:* ozDotNet >> *Subject:* Re: Azure and security trust >> >> >> >> One alternative that I haven't looked into much at all, so take this with >> a grain of salt - is to have anything identifying on a local network, >> firewalled, and accessible via a site-to-site VPN connection to an Azure >> hosted server. Like I said, I haven't looked at what an implementation >> would take, but if you could create a firewalled, safe, tunnel to your data >> hosted on prem, and other data in the cloud - then it's an option? >> >> >> >> >> http://azure.microsoft.com/en-us/documentation/articles/virtual-networks-create-site-to-site-cross-premises-connectivity/ >> >> >> >> On Wed, Feb 25, 2015 at 2:28 PM, Greg Keogh <g...@mira.net> wrote: >> >> Folks, I have a demo SQL database in Azure and it's working nicely, but >> now we have to consider how to get it into production use. My demo DB >> doesn't contain any real names and addresses, but the live DB will have >> information about hospital patients, and you can imagine how confidential >> that is! I'm told they will demand the DB be stored on hospital managed >> servers, which is a damn nuisance in reality as I'm sure many of you know >> how tedious it can be trying to break through walls of bureaucracy around >> IT departments in places like hospitals and the government. >> >> >> >> This opens up the whole issues of "trust and the cloud". Since the >> Snowden revelations, I don't know how anyone with confidential data can >> trust cloud storage. Even I don't trust it and all of my backups in >> Rackspace and Azure blobs are pkzipc AES encrypted. So how on earth could a >> hospital be convinced that cloud store is an attractive option? >> >> >> >> I just remembered that Amazon has a special area that is certified secure >> so they can get government contracts. I haven't seen anything like that in >> Azure. Despite that, it doesn't make me feel much better, as we now know >> the NSA was intercepting hardware and bugging it, and coercing huge telcos >> to put splitters in the backbones, and using secret FISA orders to threaten >> other even huger companies to secretly hand over their records. So who the >> hell can trust anyone in the cloud?! >> >> >> >> Is anyone dealing in this sort of cloud/trust business at the moment? >> What's the state of play? is there any hope? Am I just paranoid? (who's >> monitoring this email?) >> >> >> >> *Greg K* >> >> >> > >
