The Inevitable Fragmentation of the Sovereign Cloud

https://peer.adalta.social/w/2xwShKd48u3ui5rmTPiz33


I teach cybersecurity. And I genuinely don't know what to tell my students after this one. Federal reviewers spent years trying to get basic encryption documentation from Microsoft for its GCC High government cloud. They couldn't get it. One reviewer called the system a "pile of spaghetti pies," with data traveling from point A to point B the way you'd get from Chicago to New York: a bus to St. Louis, a ferry to Pittsburgh, and a flight to Newark. Each leg is a potential hijacking. They knew this. They said this out loud in writing. Then they approved it anyway in December 2024, because too many agencies were already using it. 🔐 That's not a security review. That's a hostage negotiation. Two things in this story should make every CISO and CIO uncomfortable:

🧩 Microsoft built its federal cloud on top of decades of legacy code that it apparently can't fully document itself
👮 "Digital escorts," often ex-military with minimal software engineering backgrounds, are the firewall between Chinese engineers working on the system and classified U.S. networks 🤦🏻‍♂️

The scariest line in the whole ProPublica investigation isn't the "pile of shit" quote. It's this: FedRAMP determined that refusing authorization wasn't feasible because agencies were already using the product. Read that again. The security review process reached a conclusion based on sunk cost, not risk. Ex Post Facto Fallacy

If that logic holds, the compliance framework is just documentation theater. And right now, CISA is being hollowed out, so there are fewer people left to even run the theater.

https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/
#Cybersecurity #Microsoft #FedRAMP #Leadership #RiskManagement #security #privacy #cloud #infosec

Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway

One Microsoft product was approved despite years of concerns about its security.

Ars Technica

Europe's Fragmented Cloud Sovereignty Gambit

https://peer.adalta.social/w/1613S3Pk6Ny34fRwmWbHWm


Europe's Fragmented Cloud Sovereignty

https://peer.adalta.social/w/4ZDzcdraPoQjVdzrdP8wA4


Congress banned federal agencies from collecting bulk data on Americans in 2015. So some of them just started buying it from data brokers instead. 😳 ICE signed a contract with a company whose tool can track mobile phone movements or locate phones that have visited specific locations. No warrant. Taxpayer money. Done. One privacy attorney put it plainly: it's like the police paying your landlord $100 for a spare key and walking through your house without a warrant.

Now add AI to that picture. Anthropic's CEO Dario Amodei warned that records the government can purchase can be used by AI to assemble "a comprehensive picture of any person's life automatically and at a massive scale." That's not hypothetical. That's now. And the window to close this through FISA reauthorization closes April 20!

The business angle nobody's talking about: the same data brokers selling to ICE are selling data your employees, customers, and executives generate every day. You have no control over what happens to it after it leaves your app or browser. That should be in your risk conversation, not just your privacy policy.

🏛️ This is bipartisan; Republicans and Democrats are co-sponsoring the fix
📅 April 20 is the deadline

https://www.npr.org/2026/03/25/nx-s1-5752369/ice-surveillance-data-brokers-congress-anthropic
#Privacy #AI #Leadership #Cybersecurity #security #cloud #infosec #surveillance

Updated Post: 🚀 How to Deploy OPNsense on a Rad Web Hosting VPS #Cloud #Guides #VPS blog.radwebhosting.com/deploy-opnse...

🚀 How To Deploy OPNsense On A Rad Web Hosting VPS - Rad Web Hosting Blog

This guide demonstrates how to deploy OPNsense on a Rad Web Hosting VPS. This guide is tailored specifically for Rad Web Hosting VPS infrastructure, including

RadWeb, LLC

Oh boy. Stanford researchers scanned 10 million web pages and found API keys just sitting in the public-facing code. That's 1,748 active credentials from major providers exposed in live website code, mostly inside JavaScript files. Not in old test environments. Not in a forgotten repo. In the live, running site. Banks. Healthcare providers. "Not just small companies, but some very large companies," according to the lead researcher. And some of those credentials had been sitting there for years. Not the first time I've seen something like this. 🤦🏻‍♂️

The thing is that most orgs are scanning their source code but not their deployed sites. 😳 Those are two different things, and most leaks originate during the build process. A key gets baked in somewhere between development and production, and nobody catches it because the scan already ran upstream. Meanwhile, GitGuardian counted over 28 million new hardcoded secrets exposed in public GitHub commits in 2025 alone. This isn't a one-time research finding; it's a systemic habit that needs to change.

🔍 When did your team last scan the live site, not just the codebase?
🏦 If you're in a regulated industry, that question just became a compliance question too

https://www.newscientist.com/article/2520143-security-credentials-inadvertently-leaked-on-thousands-of-websites/
#Cybersecurity #AppSec #Leadership #security #privacy #cloud #infosec

Security credentials inadvertently leaked on thousands of websites

Researchers identified nearly 10,000 websites where API keys could be found, exposing details that could let attackers access sensitive information

New Scientist

For many people, there's Simply No Need For @microsoft Office anymore. Microsoft raised prices in January 2025 and added Copilot to every plan. Correlation isn't always causation, but come on. A Reddit comment calling it an "active impediment to workflow" got over 2,000 upvotes. That's not a fringe opinion, that's a signal. When your users are that vocal about the AI you forced on them, making things worse, you've got a product problem dressed up as a progress story. Remember #MicroSlop?

The part nobody wants to address at work: your company is probably still paying for 365 because switching feels hard, not because it's the best tool. Google's top-tier plan — 2TB of storage plus Gemini's paid features — costs the same $9.99 a month as Microsoft's lowest 365 tier. That math is hard to ignore if you're actually looking at it.

🔒 The real lock-in isn't the software anymore, it's inertia
📊 If your org hasn't audited this spend recently, now's a good time.

https://www.bgr.com/2130087/why-no-one-needs-microsoft-office-anymore/
#Microsoft #Leadership #Productivity #security #privacy #cloud #infosec #cybersecurity

Why There's Simply No Need For Microsoft Office Anymore - BGR

Microsoft Office programs were ubiquitous with productivity and a variety of projects, but these days, cheaper cloud-based equivalents are much more common.

BGR

The properties we built blockchain to have are now working against us. No central server. Immutable. Distributed across thousands of nodes globally. Those were supposed to be features. Now North Korean 🇰🇵 hackers figured out they're also a perfect place to park malware where nobody can pull the plug. The attack starts with a fake LinkedIn job offer, drops malicious code into a smart contract on Ethereum or BNB Smart Chain, and waits. There's no command-and-control server to raid. No hosting provider to call. No kill switch. One group alone has already hit roughly 14,000 WordPress sites this way. 🎯 The worst part isn't the technique. It's that your standard incident response playbook assumes there's something to take down. Here, there isn't.

🔐 Your defenders need to know this changes the containment math
📋 Your board needs to hear that "we took down the server" may not be an option anymore

https://www.pcmag.com/news/malware-is-sleeping-on-the-blockchain-and-its-already-infected-dozens-of
#Cybersecurity #Blockchain #InfoSec #security #privacy #cloud

#ai #war #cloud : an interactive database and tangible interactive installation connecting and explaining the current techno-imperial boomerang that is perpetuated by machine learning.
By Sarah Ciston
https://aiwar.cloud/

Code: https://gitlab.com/sarahciston/aiwar

AI War Cloud