Favorite Quote

"..the market seems to have come to the conclusion that cloud computing has a lot in common with obscenity-- you may not be able to to define it, but you'll know it when you see it." James Urquant

Monday, December 28, 2009

MIT Techology Review covers Cloud Security

MIT Technogy review recently published a great article titled: Security in the Ether addressing security, privacy and reliability issues resulting from cloud computing.  Some of the interesting points in this article include:
  1. The cloud security threat is across two related dimensions:
    • cloud resident data may be lost due to equipment/software failure or stolen by a hacker because of the shared resouce nature of cloud computing.
    • cloud data may be mishandled by the cloud provider because of technology gaps, but more importantly, such information can be extracted through a court issued subpoena.  Whether the data resident in the cloud versus on-premise makes it more or less likely to a subpoena being exercised is yet to be seen.  Bit and bytes lost accidentally or intentionally have a strange way of persisting and being recovered eventually.  22 Million emails "lost" during Bush's era were "suprisingly" recovered by computer technicians recently.
  2. Cloud outages are directly related to security vulnerabilities.  A single corrupted bit caused Amazon S3 outage is 2008.
  3. Cloud vendors can provide rapid remidiation that is transparent to the cloud consumers.  If there is a security. reliability, or scalaibility flaw, cloud vendors can patch their platforms quickly and address the problem.  This is their core business, so theoritically, they should be on their toes more so that an enterprise IT team with only 5%-10% of the corporate budget tied to IT.  The continual battle/cost justification faced by CIOs for more IT budget to enhance infrastructure only delays the remediation process againsts new and emerging issues.  The speed of remediation by cloud vendor should be more rapid than enterprise IT Data centers owing to the scale of impact and the number of companies calling in for quick remediation.  Fault tolerance by using multiple cloud providers will become crucial for enterprises seeking to reduce the risk even further in case of failure cause by a security exposure is a particular cloud.  The ecomomics of using multiple cloud providers will be far more compelling that sticking with a single provider or an on-premise deployment for storage- and cpu- intensive applications.
  4. "The very term cloud computing should be replace by swamp computing." Ron Rivest, MIT Computer Scientist, co-inventor, RSA public key cryptography algorithm.
  5. Granular encryption will become a significant factor in protecting data in the cloud.  This has been the cornerstone of XML and SOAP Security where any element or fragment can be encrypted with any selected key.  Using XML/Cloud Gateways such as Forum Sentry, any information that is to reside on a public cloud can be granularly encrypted using a hierarchy of keys.
Security in the Ether, by David Talbot

No comments:

Post a Comment