This got me thinking about cloud security. The ongoing desire to put moats between us and the attackers. But what is us, in the cloud? Can we prevent the attacks? What are the current moat style technologies in play today?
VMware’s Project Octopus and others like ownCloud and Oxygen Cloud have stirred some interesting ideas about Application Security. Those applications that make use of SSL, nearly every web application, can make use of secure data storage for certificate verification means. What makes SSL MiTM attacks possible, is mostly related to poor certificate management. If there was a way to alleviate the need for the user to be involved in this security decision, then SSL MiTM attacks would be significantly reduced.