[cloudsigma]

Yes you are right, it is certainly easier to snoop on customers as an IaaS vendor if you keep full root access and file system visibility. I'd say that constitutes 'lazy policing' and not needed and that is certainly our experience :-)

Botnets etc. rely on free hijacked capacity not computing resources bought on an industrial scale on commercial terms. The cloud is no more prone for use as a botnet or other problematic activity than dedicated hardware. Although often touted, I've yet to hear a compelling case for IaaS clouds being any more susceptible to such use than VPS, shared hosting etc. etc.

Likewise, such activity becomes very obvious very quickly and it isn't access inside a customer's cloud server that allows you to spot such activity.

As I say, there are not real reasons not to give customers full control of their cloud servers any more than they have full control of their dedicated servers. In fact, the flexibility of the cloud makes policing it more easy than dedicated hardware without snooping inside customer servers or restricting their ability to control their computing.

In terms of administration, customers can choose to use their own in-house admins or that of a third party and many of our customers do. The point is they done have a choice, with other clouds they have one choice, the cloud vendor as the admin. That's overly restrictive and it isn't surprising why you get such concerns raised over security and control in the cloud.

Thanks for the great feedback by the way.

Best wishes,

Patrick CEO CloudSigma