[andrewstuart]

>> I don’t see why banking shouldn’t be on a cloud platform

What if AWS gets cracked/hacked/compromised?

I know it's not happened yet, but it's not impossible.

[tome]

I guess there are two important questions:

* For individual banks and their customers, is it more likely that an AWS-wide exploit will compromise an AWS-hosted bank, or is it more likely that a self-hosting-specific exploit will compromise a self-hosted bank?

* For society, is it better that security efforts are concentrated in on centralised providers like AWS, or is it better that security efforts are distributed, on individual hosting entities?

[dmitriid]

That's more or less the same question as "what if the data center/servers operated by the bank gets compromised".

In reality it's always about tradeoffs: who to delegate to and who to trust.

[starfallg]

>That's more or less the same question as "what if the data center/servers operated by the bank gets compromised".

The difference is that cloud relies on public services, which once compromised (e.g. via social engineering), allow for lateral attacks resulting in much bigger impact (e.g. Lapsus$) across the complete customer base. This makes social engineering much more attractive in cost vs impact. The resulting monoculture in not only the software, but the infrastructure and configuation also increase the impact on technical attacks on specific exploits.

[dmitriid]

> The difference is that cloud relies on public services

What are the public services that AWS relies on, and how are they different from a bank's server farm, or a bank renting out space in a datacenter?

The same, really, applies to all other concerns.

[starfallg]

Route 53, CloudFront, AWS Console, AWS IAM, etc.

All of these services are hosted by AWS in a multi-tenant fashion, sharing not only the code, but infrastructure and configuration patterns.