All software vendors, 2018:
So then all the customer's data, every tiny detail of their lives, is uploaded into the giant central computer hub located in another country. And your life gets much better! It only costs you $1000 a day. Any questions?
Me:
Uh. um. What, like, stops bad, uh, bad people, all that power in one place
Vendor (laughing):
We knew you'd ask! So we only allow a tiny insular self-selected, rich, social elite to run the giant central computer.
CEO (nods):
Very wise.
seriously if you want to watch a room go dead still with an embarrassed, pitying silence because there is a very dumb person in it who just doesn't understand Modern Computer
just ask questions about Why Put All The Things In The Cloud, What About Privacy
One does not simply... NOT put all the things in the Cloud
I thought you understood Computer
Q: "this path we're committed to, is it wise?"
A: (pitying look) "It's happening. You can't stop it. Everything is going this way."
A: "I know everyone's doing it, but is it *wise*. Will we regret this later?"
Q: (shuffle papers) "Let's move on."
But very few things scare me quite as much, bone-deep, as the average IT person's implicit trust in the pure-hearted goodness of Large Corporations.
The bigger the corporation, the more the trust.
It's amazing.
I don't know whom you've been addressing, but IT people are in my experience some of the most cynical people I've met - with the possible exception of lawyers.
@jankoekepan The vendor was selling a cloud-based antivirus solution, which sends telemetry from every workstation of every running process and every opened file up to The Cloud (in another country), where Big Data Algorithms would do unspecified correlation-y things with all other users' data to detect if there were ongoing security threats.
All the people in the room were security engineers.
They pitied my naive distrust of The Cloud.
You just don't NOT do The Cloud, even in security.
@jankoekepan You just don't DO on-premises servers and even on-premises security analysis consoles. It's all cloud, cloud, cloud.
Security is MUCH better done in another country, by a large corporation.
That way you know it's secure, see.
In fact we should probably be MORE suspicious of all OUR employees, because they're not Cloud.
@natecull @jankoekepan What hellish otherworldly place did this vendor apparate from?
@natecull @jankoekepan *screaming of the DAMNED!!!*
My take on situations like that was usually to put out an email stipulating the perceived risk profile, request commentary on mitigations, and copy it widely. That way when lawsuits arise, I can say that I Told You So.
But you can't stop a C-suite stuffed shirt from doing whatever they decide.
@jankoekepan @natecull EMTs, too.
@natecull convenience beats trust, every time. convenience is always a convincing (but often quite false) synonym for "more efficient" which is then translated to "less expensive" to C-level decision maker types.
@aag And it certainly is less expensive.
Running a physical server room, installing racks, and setting up and paying for air conditioning is a *pain*.
@natecull but don't you see? Because they are rich they are inherently good! Otherwise they wouldn't be rich. Because my pastor teaches me that being good will make me rich, so since they are rich they must be good.
@natecull What do you expect? Techies tend to be geeks and nerds, and get their culture from megacorporations. They won't bite the hand that feeds them poisoned meat.
They don't have the guts for that.
Disclaimer: My actual CEO was not actually in the room.