Slashdot reader storagedude writes: If cloud service providers are the only ones who can get security right, will everyone eventually move to the cloud? That's one of the questions longtime IT systems architect Henry Newman asks in a new article on eSecurity Planet. "The concept of zero trust has been around since 2010, when Forrester Research analyst John Kindervag created the zero trust security model. Yet two years after the devastating Colonial Pipeline attack and strong advocacy from the U.S. government and others, we are still no closer to seeing zero trust architecture widely adopted," Newman writes. "The only exception, it seems, has been cloud service providers, who boast an enviable record when it comes to cybersecurity, thanks to rigorous security practices like Google's continuous patching." "As security breaches continue to happen hourly, sooner or later zero trust requirements are going to be forced upon all organizations, given the impact and cost to society. The Biden Administration is already pushing ambitious cybersecurity legislation, but it's unlikely to get very far in the current Congress. I am very surprised that the cyber insurance industry has not required zero trust architecture already, but perhaps the $1.4 billion Merck judgment that went against the industry last week will begin to change that. "The central question is, can any organization implement a full zero trust stack, buy hardware and software from various vendors and put it together, or will we all have to move to cloud service providers (CSPs) to get zero trust security? "Old arguments that cloud profit margins will eventually make on-premises IT infrastructure seem like the cheaper alternative failed to anticipate an era when security became so difficult that only cloud service providers could get it right." Cloud service providers have one key advantage when it comes to security, Newman notes: They control, write and build much of their software and hardware stacks. Newman concludes: "I am somewhat surprised that cloud service providers don't tout their security advantages more than they do, and I am equally surprised that the commercial off-the-shelf vendors do not band together faster than they have been to work on zero trust. But what surprises me the most is the lack of pressure on everyone to move to zero trust and get a leg or two up on the current attack techniques and make the attack plane much smaller than it is."

Read more of this story at Slashdot.

Long-time Slashdot reader theodp writes: AWS offered A Look Inside the Making of an NFL Football Schedule in conjunction with Thursday's release of the 2023 NFL Schedule Powered by AWS. AWS notes that producing the schedule required the use of 4,000+ AWS EC2 Spot Instances. An AWS promotional video claims they "saved the NFL an estimated $2 million each season" by leveraging AWS Spot Instances for a discount of up to 90% off compared to AWS On-Demand pricing.. "In just three months," AWS explains, "National Football League (NFL) schedule makers methodically build an exciting 18 week 272-game schedule spanning 576 possible game windows." Up until 10 years ago, AWS notes in an accompanying infographic, the NFL used a white-boarding process to manually craft its schedule. Not to diminish the NFL's and AWS's 2023 scheduling achievement, but the 2013 documentary The Schedule Makers told the remarkable tale of the husband-and-wife duo of Henry and Holly Stephenson, who for almost a quarter of a century in the pre-Cloud era managed the scheduling for 30 Major League Baseball (MLB) teams who each played 162 regular season games a year. According to the May 1985 Atari Compendium (pg. 38), the Stephensons were using a self-written program running on a 64K IMS-8000 to help schedule games for the MLB (2,106 games over a 6-month season), NBA, and NASL/MISL (defunct soccer leagues). So perhaps the NFL's claim that "There's no way the NFL could deliver the quality of schedule that we put out every year for our fans and television partners without the contributions of our friends at AWS" should be taken with a grain of salt.

Read more of this story at Slashdot.