Compare medieval cities to cloud security

September 25, 2018
1 minute read
security cloud

When I stumbled across An introduction to medieval cities and cloud security I wondered why anyone still uses the castle model seriously to discuss security. I’m fairly certain this is not a suitable mental model anymore. In today’s cloud how can we for sure say what’s inside and what’s outside? In a micro-services architecture do you build lots of small castles? Can you even do this sensibly on the network layer?

Reading it again I realized it should probably be more read as metaphors for the different security mechanisms available in a cloud environment and how to combine them. This makes a lot more sense. However it’s still mainly applicable to IaaS type environments where you basically build the complete infrastructure.

If you look at serverless applications there’s typically no VPC and all which remains are access control checks and checks within the application.

Therefore I still think we should stop describing architectures or security approaches using this metaphor. It limits our thinking and may even prevent us from choosing the proper security controls for cloud native applications.

Share on:

If your security architecture is largely based on protective measures, think again

September 3, 2023
3 minute read

Using SSH Agent on Windows

November 10, 2021
2 minute read
security software

Attribution in Cyber Security

October 22, 2021
3 minute read