Alex Stamos, partner at the Krebs Stamos Group and a federal advisory committee member at the Cybersecurity and Infrastructure Security Agency, said he believes basic security functions should not be sold as add-ons by cloud service providers and that such features should be addressed through an executive order.
“You should not have to pay extra for security, I’m sorry, that is immoral for companies [to charge for],” said Stamos.
“I’d love to see an executive order that any cloud product that is bought by a federal agency has to support [multi factor authentication], [single sign on] and basic audit in the most base paid package.”
Stamos, who is also director of Stanford Internet Observatory, raised concerns among CSPs charging for MFA, SSO and other baseline security features through an enterprise license.
“Give it to everybody who’s paying five bucks a month or 10 bucks a month for your product, do not charge 20 or 30 or $50 a month to get the basic security functions,” he said. “It’s just a completely unethical thing. For big businesses to hold up small businesses, ‘can’t be secure unless you pay me more money,’ just really pisses me off, to be frank.”