It's unpopular from my standpoint because it "necessitates/assumes the trustworthyness of an external provider of compute service". It being considered a default implies you waive 4th Amendment protections.

Whereas securing your own network keeps them intact within your infrastructure.

Cloud is not always the answer. Learning to network and compute, is.

>It's unpopular from my standpoint because it "necessitates/assumes the trustworthyness of an external provider of compute service". It being considered a default implies you waive 4th Amendment protections.

This is why we should learn from what Ed Snowden presented as just about all of the data gathered by NSA and their contemporaries utilized the concept that encryption and security should only exist at the edge and they were capturing network traffic inter-network and intra-DC.

There were reasons why companies like Google took his whistleblowing seriously and changed their infrastructure accordingly because none of them feel safe leaving their "secret sausage recipe" exposed while still technically out of band from the customer paths.

Not at all, the external provider (cloud/tor) is still untrusted, I never implied that. It is a risk reduction strategy. If you care about security you must define threat model and risk boundaries.