Hacker News

> When you're not, you have to worry about everyone in your supply chain opening sketchy PDFs.

That's absolutely not correct. Besides, I have more respect for the security and operations procedures for AWS, GCP and Azure than I do for 99% of startups running their own infrastructure.

But my primary point is that you seem to be arguing that being on prem is inherently more secure, and more importantly, being in the cloud made LastPass less secure, despite the fact that the breach vector in this case would have been equally effective regardless of whether they were in cloud or on prem.




It doesn't matter how secure 4 providers are. There are only 4. OpSec won't stop a submarine from bombing underwater fiber. OpSec won't stop a missile heading for the data center. The strategic importance of our consolidated infrastructure WILL be a paramount target for any enemy of the West.

On-prem business is a diversified attack vector. Cloud storage is a consolidated attack vector. Would Russia rather attack 100,000 small diverse targets, or one enormous target with 1,000,000s of customers?


If your goal is to avoid downtime in case of nuclear war, you could use a managed distributed database solution from a cloud provider.

Also, attacks against 'on-prem' services still scale, in the sense that an exploit against a service's code can be used on any number of independent deployments of that code. The solution to that is to actively avoid monoculture. [0]

[0] https://indieweb.org/monoculture


If your primary concern is global thermonuclear war, then like other commenters have said, I think we'll have much more important things to worry about.



