Full Report
Last week had two “cloud-security” related articles hit the inter-webs.. After our Vegas09 talk on “clobbering the cloud” we had a brief chat to Rob Lemos, who called us up again, so we ended up adding the soundbyte to his piece in Technology review along with guys like Moxie Marlinspike and Danny MacPherson [here] We also showed up on Read/Write Web, where we were called “security nerds” and “black hats” Ahhh.. roll on 2010!
Analysis Summary
# Industry News: Increased Media Visibility for Cloud Security Concerns
## Summary
Security firm SensePost gained significant media exposure following their "clobbering the cloud" presentation at an industry event, featuring expert commentary in *Technology Review* and *Read/Write Web*. This highlights a growing media and public interest in the inherent security risks associated with cloud computing adoption.
## Key Details
- **Date:** Published/Reported around December 16, 2009 (Reflecting activity from "Last week")
- **Companies Involved:** SensePost, Technology Review, Read/Write Web, Moxie Marlinspike, Danny MacPherson
- **Category:** Media Coverage/Thought Leadership Activity
## The Story
Security consultancy SensePost, following a presentation titled "clobbering the cloud" (likely at an event like Black Hat/DEF CON in Las Vegas, given the context of "Vegas09"), received attention from major tech publications. Specifically, they contributed expert commentary to articles by Rob Lemos published in *Technology Review* and were featured on *Read/Write Web*, where they were referenced alongside other prominent security voices. The context suggests this media presence was driven by ongoing discussions surrounding foundational cloud security vulnerabilities.
## Business Impact
### For the Companies Involved
- **SensePost:** Increased brand visibility, established positioning as thought leaders in critical cloud security discussions, potentially leading to higher demand for their specialized consulting and auditing services.
- **Technology Review / Read/Write Web:** Successfully drew expert analysis into a timely and complex topic (cloud security), enhancing the credibility and depth of their coverage.
### For Competitors
- Security firms with similar niche expertise in cloud security may face increased competition for mindshare and inbound leads, as SensePost's high-profile visibility validates the market demand for this specialization.
### For Customers
- Increased awareness among enterprise technology leaders regarding the need to actively address cloud security models and potential exploitation vectors discussed by experts.
### For the Market
- Underscores the critical nature of cloud security as a mainstream industry concern, moving beyond purely technical discussions into broader trade press coverage.
## Technical Implications
The underlying technical theme, based on the presentation title "clobbering the cloud," suggests a focus on demonstrating successful security bypasses or exploitable weaknesses within cloud infrastructure designs or service models prevalent at the time (circa 2009).
## Strategic Analysis
- **Market Positioning:** SensePost successfully positioned itself at the forefront of an emergent and high-stakes security topic (cloud vulnerability).
- **Competitive Advantage:** Leveraging public discourse and expert commentary creates organic marketing and establishes authority, which is valuable in high-trust consultative sectors.
- **Challenges:** Being prominently associated with "clobbering" the cloud might attract scrutiny from cloud providers or be perceived negatively by organizations wary of overly aggressive security posture descriptions (as hinted by the "security nerds" and "black hats" labeling).
## Industry Reactions
- **Analyst Opinions:** (Inferred) Analysts would view this increased coverage positively for the security sector, signaling that vendor hype around cloud adoption needed balancing with robust security assessments.
- **Expert Commentary:** The inclusion alongside figures like Moxie Marlinspike further legitimizes the criticality of the issues being raised.
- **Market Response:** Indication of a growing demand for validation services concerning the shared responsibility model of cloud security.
## Future Outlook
- This media attention likely foreshadows increased enterprise spending on cloud penetration testing and architectural reviews in the subsequent 2010 period.
- Watch for traditional cloud providers to respond with more formalized disclosure programs or enhanced security certifications to address these publicized concerns.
## For Security Professionals
Security practitioners should recognize that high-profile disclosures of cloud weaknesses drive organizational mandates for remediation. This coverage signals that cloud security validation is now a necessary governance function, not just an optional technical check.