undefined | Better HN

0 pointsSupremumLimit15y ago0 comments

In theory it shouldn't matter whether my security expertise is in-house or I pay some external party to provide it, right? The usual argument for economies of scale also applies - it's beneficial to have the platform provider manage security for the customers. I think the problem is that Heroku's (and most other providers') promise of security is nice in theory, but in practice they carry no responsibility if anything goes wrong.

I agree that it's important to make sure the provider's security policy is sufficient for your needs in the first place, however.

0 comments

1 comments · 1 top-level

sorbits15y ago

In theory it shouldn't matter whether my security expertise is in-house or I pay some external party to provide it, right?

You are not paying an external party to come by and secure all your servers/applications — you are paying for a service which require you to share a lot of your data with a third party.

The usual argument for economies of scale also applies

But the bigger the third party you outsource to is, the more people will try to hack it.

j / k navigate · click thread line to collapse