Everyone's head is in the cloud
As far as a gathering of security professionals, academics, government big wigs and industry experts are concerned, here at RSA the world's biggest security conference, it is all about the cloud.
Art Coviello, RSA president, quoted the words of MIT media labs visionary Nicholas Negroponte when he said back in 1997 "the internet was the most overhyped, underestimated phenomenon in history.
"Mark my words," said Mr Coviello "the same will be true of cloud computing."
Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group agreed and said "the cloud has become the big buzz and everyone is talking about the cloud."
"We have before us more data moving into the cloud and more sophisticated cyber criminals," said Qualys chief executive Philippe Courtot.
"Today cloud computing carries the promise of being able to build security into the very infrastructure of the cloud," he told BBC News.
As suggested there by Mr Courtot, the big issue is security and where else is that topic going to get a good airing but at the RSA conference which bills itself as "the place where the world talks security".
Mr Coviello revealed that while "cloud computing will complete the transformation of IT infrastructures unleashed by the internet," a survey by CIO magazine showed that 51% of chief information officers cited security as their "greatest concern surrounding cloud computing adoption."
Time and time again the RSA president re-iterated this message during his keynote address.
He said the cloud enables organisations to move away from their ageing infrastructures and instead focus their investments on the business. But, "something is holding back the full realisation of this vision, and that in a word, is security".
And that was when Mr Coviello threw down the gauntlet to the audience telling them that they had to step up and "embrace the challenge and seize the opportunity" and ensure safety is designed and built into the cloud so that everyone can feel confident about using it.
With the internet, safety and security are bolt-ons that have been added constantly over the years. But when it comes to the issue of the cloud, speaker after speaker at this RSA conflab underscored how vital it was to think about security as an early building block and not an afterthought.
The worrying thing about all of this as more and more of our personal information is stored in the cloud, is that I attended a high-level lunch with senior security professionals during RSA a year ago and back then they were highlighting the importance of this self same issue.
The message was the same about ensuring security is not a "Johnny come lately" idea and that the clock was ticking for the industry to grasp the nettle before it was too late.
While the drive to the cloud seems like a runaway train every business must hitch a ride on, the security concerns are clearly hampering it travelling in the fast lane.
One sobering, and yes obvious, thought comes from Microsoft's Scott Charney who told me that when it comes to 100% security, you are not going to get that in the cloud or for that matter anywhere else.
"There's no such thing as 100% security unfortunately, either in the physical world or in the electronic world."
Yes in life and online, there is always an element of risk.
~RS~q~RS~~RS~z~RS~16~RS~)
Comments
If security it the barrier to rapid adoption of the cloud, then simplicity is the barrier to adoption of strong security for the end user. Maggie, has there been progress at RSA this year in innovative simple strong end user security?
Complain about this comment
I think there are many issues with the cloud concept:
1. Security as this blog suggests:-
a) Personal information including data, passwords, etc.
b) Information classification (within country and globally).
2. Data streaming
a) Hacking potential by unscrupulous individuals/companies.
b) Upload/download speeds (Broadband streaming documents to each router and each computer on that router means that the UK is nowhere near the required usage speeds even at the coutrywide ideal of 2MBPS).
3. Thin/thick client
My experience of this is that work can be lost due to connection outage. Also if Office/OpenOrg/etc becomes thin client then see 2.b) above.
4. Will this global "clouds" monopoly mean that everyone is forced down the Microsoft route (HMMM)?
5. Will the software become more streamline coded rather than the current bloatedness of Microsoft software?
If Clouds is as poorly implemented as some systems I have experienced then this will not get normal joe public onboard and the technophobe will steer well clear.
D1gger5
Complain about this comment
For some people (myself included) cloud systems are a pointless step backwards.
While time sharing made sense in the 70s when computers were a commodity, in the 21st century they're not.
Since we can already do everything we need to on our budget PCs (let alone those that fork out for high end systems), cloud computing strikes me as a loose / loose scenario:
* reduced functionality (except in regards to networking clouds - but hey, I could already do everything facebook (for example) does now, back in the 90s)
* less control of your data (tinfoil hat for a moment, but can you really trust a complete strangers with gigs of personal data?)
* slower applications (I don't give a toss how much JS interpreters have come along, they still under perform compared to a native C++ application. And don't get me started on the pig that is Flash)
* in terms of my particular home set up - less secure too (though this is debatable for some people - particularly those that surf the net on a Windows administrator account and no adequate anti-virus)
In fact, the only benefit I can see from cloud systems are off site back ups - but even this has proved unreliable in 2009 with a number of high profile incidents involving data centres loosing customers data.
Then there is the problem of funding: Microsoft have openly stated they want to move to a subscription-based model for a number of their current products once the technology is in place to deploy them remotely via MS clouds.
While a subscription service might suit some people, personally I want to pay a one off fee for the products I use regularly and use free (or open source) alternatives for those services that I use sporadically.
So thank God there is an alternative to the world of clouds because thus far I'm yet to be convinced that 21st century needs a 70s revival.
With agreed standards in communications protocols and file formats there's little need to cloud compute - except for a centralised app store (e.g. iPhone app store, Linux software repositories, etc) to ensure every ones products are up to date.
</rant>
Complain about this comment
Cloud computing for handling user and corporate specific data could take a while to become accepted - mainly due to security concerns and lack of high-speed broadband.
Where it may well take off will be in the offering of streaming services where the user security isn't quite so important in the minds of the users.
Oh, and why do people spell lose with two o's?
Complain about this comment
@4 Laurence:
Oh, and why do people spell lose with two o's?
My reply:
I do it because I'm an idiot who can't grasp his own native tongue. :P
Complain about this comment
Personaly I think cloud computing is a BAD idea. Giving control of all our data to coroporations? Not me thank you. I think of the times I have had to reinstall some software for whatever reason, I hate to think how long it will take these companies to sort out any form of glitch, virus or crash.
I like to administer my own programs how I see fit on my system that I paid for. If I NEED to access all my programs and files from somewhere else I can set up a VPN or other form of remote access. Sorted.
Not to say there are no benifits of cloud computing, I think about all the times I have pulled my CV off Monster or a picture off Facebook...
Complain about this comment
I can't see myself using Cloud services to a high level for a while. For a start, the games I can play on my computer are far more advanced than anything that is played in a browser. (think of those free games sites). Secondly, what if you actually need to run a more complex programme than Word? I use Pro Engineer occasionally on my computer. No thin client is going to manage even a basic simulation there.
Complain about this comment
The IT industry is just one big hype - so they've rediscovered timesharing. The industry is always going through either a centralisation or decentralisation phase - reality is that you balance these depending on price and function. What we need is more choice, innovation and competition. Look at the scale of profits taken by Microsoft, Oracle and SAP - together these are probably 60/70% of the total industry.
I would like to have great access to cloud computing facilities on my PC and more PC function choice; the pricing models will be interesting and yes security is an ongoing issue.
It would be good if this changes the industry dynamics and brings more competition and innovation (not seen much innovation from the profit leechs - they just plod along)
Complain about this comment
Using the cloud means an organisation does not know where its data is held, whether security controls are operating effectively at all times, nor can the organisation be sure of ongoing availability of access to its information.
These are more than mere stumbling blocks to cloud adoption - they are 500ft high electric fences.
Complain about this comment
I am sure most computer users are becoming increasingly aware and concerned as to the issue of security, due the amount column space given by the press over this issue. What they want now are answers that offer real time protection to our data!
Complain about this comment
@ 9. James Rigby wrote:
Using the cloud means an organisation does not know where its data is held, whether security controls are operating effectively at all times, nor can the organisation be sure of ongoing availability of access to its information.
These are more than mere stumbling blocks to cloud adoption - they are 500ft high electric fences.
My reply:
In those instances, organisations would build their own internal cloud.
In a way, some already do (you only have to look at the number of systems locked into IE6 due to poorly-considered intranet applications to gauge the wide spread of internal cloud-like systems)
In fact, the /ONLY/ time I agree with cloud / time sharing is in regards to internally centralising databases and information that is likely needed to be shared across said organisation.
Complain about this comment
A warning:
To more and more of a degree I already use 'the cloud' for many computing needs. Take my Emails, they are stored on Googles servers and I can get at them through my phone, at work, at home or on the road. I can use Facebook and YouTube and countless other services too. But you see for me personally I still have that little niggle in my mind who really has my data, how safe is it and will it be around in ten years?
It is not likely Google will shut up shop in a decade, but I have learnt at my own expense how changes a company makes affects my data. I've had the Internet since 1995. Around about 1997 I made a site with Yahoo! Geocities. It grew and grew over time and I was rather proud of it. Fast forward to MySpace and Facebook and the likes of a site such as mine was pointless, once could blog with ease, share information with many in the same network and not have to go to another URL.
Last year Yahoo! closed down Geocities. They gave warning of this, but I did not want to take everything off the site and back it all up - It was not *that* important, but was to me more sentimental in value. I liked sending people their to see what I had been up to all those years ago, and at the time and throughout using it felt sure Yahoo! would keep that (foolishly for all time in my mind) but they did not, because rtoo few people were using the service and was costing Yahoo! too much to keep going.
Now let us take this example that in time more and more data is stored, used and integrated into the very programs we use. Themselves being run 'live' over the web and not running from our own hard drives. Leave security out for now, leave the worry about a 'techie' at a data centre messing up and loosing some data or downtime as you are working - What happens when ABC Inc. that you trusted and have used for a few years decides not enough users are now using their service, the cost of running their data centre is too high, they get taken over by another company..And the result is 'You have 3 months to get all your data from us before we shut down our services'. It could happen.
And by then you have gigabytes worth of information, documents, photos and all the like stored 'in the cloud' because if we would believe the hype, we should use and trust the cloud to free up our own computer storage space and worries of hardware failing and trust the big companies with their backups and the like to keep it safe. But as I said earlier, if for economic reasons was to end (and you can bet there be many more companies that Google and Microsoft etc offering cloud computing if it takes off to get their mitts on some handy cash) can you imagine the time and hassle re-downloading all that data?
And if you did that and then find that the documents you created worked fine in the cloud, but you never bothered to get a copy of MS Office to run on your local machine because you trusted the cloud version and now that is gone you cannot open your documents, because you have to buy more software.
Perhaps all I say is worse case. But at the end of the day these companies are not public services, they are in it to make profits and if it is no longer profitable they are not required to continue going. Just as Yahoo! and Geocities. I lost all the things I had when they shut, and just made me wake up to the 'what if'
Complain about this comment
This is the worst ideas I have heard in a long time by far.
There is so many problems with this that I have to list it right up there with the wireless networking in a business and ripping out old working pbx to put in Voip.
The problem is I think it might take off. On paper the accounts will love it. A regular payment and not the usual lump sum, every five to ten years and cutting of staff.
Maybe it’s my age (26) but I have seen new technology come and go and not always for the better and this is one of the new ones that will stick and is a really stupid idea.
As rightly pointed out security is the big issue here. We can make it secure. But security is a balance between usability and security and by the concept of having it in the cloud makes it unsecure to make it usable.
We must also remember that we don’t necessarily need access to the full data for the security to be breached. We just need to record the data flow. Sure it’s only a fragment of information that will be encrypted and captured. But encryption just needs time to brake and that fragment may be a credit card number or worse. This we can’t guarantee won’t happen due to the way of the network works. Then put into the picture possible denial of service attacks on the provider, the provider going bust, data retained too long, data being in an undisclosed place or service providers monopolising the service and increasing costs. And if it’s Microsoft you can tell they will push product change on their users every three years. I can honestly say I know a lot of people reluctant to migrate to the new office because of the training problems that it will entail. Not to mention ISP’s charging more through quality of service, blaming the network connections problems on the customer and so forth.
After all this one point hasn’t been mentioned that is a massive money saver to the detriment to the employee, this is the first step to home working. Same pay but the business doesn’t pay for the electric to light and power your home or gas to heat it or the council tax or the rent or the cleaner to tidy the accumulated clutter. Not to mention the possible health implications. But don’t despair they will make it out that they are doing you the favour.
For the home user I think this service will be not too bad an idea driving down the cost. But For the business it’s an idea that shouldn’t be entertained. But what can we do? The accounts rule the business and they can’t see past the end of the savings for the financial year.
Complain about this comment
We need to realise it that whenever we are connected to the internet our data, activity and communications have the inherent capacity to be viewed by others. This is true in any intranet that allows outside access through a VPN or other remote working solution. The real issue here is Trust! Do we trust our home/office systems to give us a better degree of security than a professional provider with whom we have a clear service level agreement for provision and security? If so, then perhaps we ought to start all making our own front door locks!
Most of us in some way, shape or form already interact with cloud computing through services such as Gmail, Hotmail and others. We are beginning to listen to music on the cloud through services such as Spotify. We happily catch up on our latest soap-fix by stream cloud based video providers such as iPlayer and SeeSaw. Cloud is here to stay and will be catalysed further by mobile phones serving cloud offering through these ubiquitous and pervasive pocket devices.
One of the more interesting issues to ponder is under what countries data privacy laws does your data reside? Is it yours, your providers or where the data happens to live at that particular moment?
Bring on the Cloud I say and let us fully utilise the processing power and storage capacity of the Internet rather than wasting energy and mineral resources upgrading our systems in the misguided self assurance that we are more secure!
Complain about this comment
My company - OfficeAnyplace - has been offering what we now call Cloud Computing for 5 years. We've never had a security breach, and nor do we greatly expect to. Everything we do is 128/256-bit encrypted in all data streams.
At the SME level, our systems are *far* more secure than the non-Cloud clients I do analysis for, which are typically full of holes.
Thin technology works fine for heavyweight programmes that are non-multimedia in nature - and even there, HP's new systems are providing remarkable breakthroughs.
Cloud computing will happen because Economies of Scale dictate that it makes sense. And it already has.
A simple example - who is better able to provide anti-spam resources? Your, carefully updating IP numbers, and keyword lists every day? Or a global agglomeration of people and machines, operating through the Cloud via Spamhaus?
We all use Cloud based resources every day; apart from spam, your av software downloads from the Cloud. But, importantly, nothing new is actually happening (Anymore than it happened with Web 2.0) - it's simply that the media have a new buzzword to toss around :)
Complain about this comment
Let's play some Cassandra of Doom
Not only cloud computing, the whole web is gonna shrink. Because excessive competition has already hit the magic counter: zero price. How long is it sustainable? Ad based revenues will fall once the advertisers wake up to adblocking. Paywalls will lead to the internet becoming less universal and open; unless the part-timers carry on. I can't see why I would do a full-time job that doesn't pay me.
Maybe the Internet will become more focused as a result. Less information junkies. All these will only inflate the dark fears about privacy. Desperate corporates will be evil. That's a fact of nature. And if the guards go rogue, who will guard us?
As for impenetrable security, there are no unbreakable locks in real world either.
If we see a congruent fall in traditional media, maybe the effect won't be much. People will pay because they have to. Myself, I can't bring myself to enter a credit card number on the computer.
I hope I'm wrong.
Complain about this comment
I use a lot of design software. Much of it has steep learning curves, and takes time to learn to use effectively. I heard that Adobe, and others, were considering the future prospect of moving their software to the cloud in an effort to combat piracy. So nobody would buy a single copy for use on their own computer, but instead pay to 'log-in' and use it, then download their work to their own drive. I really don't like this: it means we would have to pay to practise, or even play around. No more doing a quick birthday card for your mum, when it could cost you 5 times what it costs to buy one. No more doing free or discounted favours for your mates, because you've got a fixed cost to pay every time you use the software. Bad idea.
The cloud may have some useful applications, but people are getting too excited about it. It will make a lot of things worse. As for security, people say nothing in the real world is truly safe, but that doesn't stop them locking their doors, does it? And I don't think the Crown Jewels have been stolen lately, either. So we can build good security, if we want to. It's just nobody wants to spend the money.
Complain about this comment
@11 (Laumars): "My reply: In those instances, organisations would build their own internal cloud."
An internal cloud? But...wouldn't an internal cloud be quite different from a real cloud? I mean, if you took a cloud and brought it to ground level and squeezed it into a building, what you would have would be...
a bunch of hot air.
Wait - actually I think you may be on to something!
Complain about this comment
What goes around, comes around.
The idea of a central store of data/applications is as old as computing.
As an IT professional of 30+ years I note that every 5-10 years someone comes up with an idea like this.
It's not actually about improving IT, it's about regaining control. The genie was let out of the bottle with the introduction of the PC and ever since the big players have been trying to put the stopper back in.
The psychology is also wrong and this is where the problem is, not the technology. Would you personally put all your data eggs in one basket, if someone else owned that basket and you did not even know where the basket was kept ?
Oh yes, the assurance that ‘... no one can access your data ...’ is nonsense. IT staff DO look. Sometimes it’s because there is a problem to fix and sometimes it’s because they can. I have seen it happen.
Ask a big firm providing ‘Cloud’ solutions and ask them if they would be happy to put their ENTIRE operations in the hands of a rival ‘Cloud’ service. Their answer should inform your own choice.
Don’t get me wrong, the ‘Cloud’ idea is a natural progression for the internet and it will be useful, but (and it’s a big but) it’s not the all encompassing solution that the salespeople would have you believe.
Complain about this comment
View these comments in RSS