Tuesday, January 12, 2010

Security in the Swamp

I just read a great article published by MIT called “Security in the Ether”. You really should read it, too. This five page article has a lot of great information in it. In the “what’s in this for me” reason to read the article I was immediately captivated by this comment:
When thousands of different clients use the same hardware at large scale, which is the key to the efficiency that cloud computing provides, any breakdowns or hacks could prove devastating to many.
This means security is key. One breach and instead of a company being affected you have the potential for multiple companies to be affected. I remember a marketing focus group I did about federation a few years ago and one CIO said to me: “Are you kidding? I can’t trust my own end-users and their passwords when they access my systems let alone a federated system.” The cloud is simply going to magnify these problems – security or otherwise.

If you read my previous post about PKI you can imagine my reaction to this statement! “But fully ensuring the security of cloud computing will inevitably fall to the field of cryptography.” Oy-vay! Cryptography? Crickey, I hope the future of cloud computing doesn’t rest on making PKI work! After all, we are moving forward through the swamp to the cloud regardless:
But such concerns aren't stopping the ascendance of the cloud. And if cloud security is achieved, the benefits could be staggering. <snip> If we are clever about deploying cloud computing with a clear-eyed notion of what the risk models are, maybe we can actually save the economy through technology.
Ah, there you go, that “risk” word again. Trading off risk versus security once again.Hmmm, it’s déjà-vu all over again!

1 comment:

Unknown said...

Architecting security properly for the cloud means forgetting the traditional "Build an app then build a wall around it" approach to IT security and developing security to be part of the base DNA or fabric of every component...

Cryptography is usually associated with these old-style walls.