Cloud thoughts

Published: 2011-06-12
Last Updated: 2011-06-13 00:32:30 UTC
by Mark Hofman (Version: 1)
13 comment(s)

The cloud means a number of different things to different people. For some it is the new frontier, the way forward. For others it is outsourcing by a different name, with even less control over what happens in the cloud. In true security fashion, and one of my favourite answers: it depends. The reality, however, is that it is inevitable: in some aspect of your work you will come into contact with the cloud, or you will be asked to secure it.

So let's have a look at a few of the challenges in the cloud world, and if your weekend or Monday is as drab, wet and cold as mine, add your comments to the list. We'll try and keep it to pros and cons.

Pro Cloud: 

  • Free up resources from performing menial tasks
  • Access to resources at a price you can afford
    • Offsite storage or backup facilities are often cheaper in the cloud than what you can do yourself, especially for smaller businesses.
    • Quality content filtering solutions
    • IDS/IPS services
    • etc.
  • Fewer limitations
    • e.g. online backups. If you need more space, you purchase it and it is there.

Con Cloud: 

  • You do not necessarily know where your data is
    • Many cloud providers have in their contracts that they can move your services about. So if it is important that your services are delivered locally, then some cloud providers may not be what you are after.
  • How do you get your data back when the provider refuses access or goes bust?
    • Companies go bust. If your core data resides with that company, how do you get it back?
  • Who has access to your information?
    • The cloud is a shared environment. There will always be at least two parties that have access to your information: you and the provider.
    • Attackers
    • Legal entities. Depending on the jurisdiction you are in, different legal entities may have access to your data.

So that has us started. If sending through comments please state clearly at the start whether your comment is Pro or Con.

Happy thinking

Mark H


13 comment(s)


CON... for certain.
1. There is -no- agreed upon security standard.
2. Cloud providers are -not- responsible. They say so.
3. Pay for that?
4. Even Dilbert and Scott Adams know:
"... You say "Cloud Computing" to an executive and their eyes glaze and they sign whatever PO you put in front of them. They have no idea what it is, but they have been told that they want it."
IDS/IPS services? Really? We priced several providers as a DR site for a public web site, one that is effectively brochure-ware only. Putting a firewall in front of the VM was at least $300 per month and they "managed" it and we had no access to any logs. Yes, a firewall is optional!

The "cloud" is the 21st century version of "The emperor has no clothes."
* you don't have to have floor space, cooling, electricity, or personnel for a big old SAN

* you are still responsible for securing your data only now they are on a foreign / hostile system and you have no control over how they are moved, shared, or stored
There are some great pros of using cloud technology, however I would go through the following steps:

1. I would identify what cloud services I would want to use. I would probably stay at the data storage service only.

2. For the data storage part I would completely risk assess all of my data and then only put data I am comfortable with if anything happened, taking local copies periodically.

For instance, I wouldn't put anything on there that would breach legal responsibilities if it became lost, stolen or leaked.

I would also make sure the contract was pretty good to ensure a standard of service.
1) The cost of no security for your data could be astronomical in size. The legal implications (HIPAA, SOX, etc.) also play into security of the data.

2) Leaving the door open for everyone to look at the data just because it is "cheaper" up front is analogous to letting strangers wander through your house just because you're too cheap to provide a lock on a door.

3) How exactly CAN you control who puts what data where? i.e. you have an internal network for 'secure' data but some nitwit drops the latest batch of personnel files 'in the cloud'.

4) Once data is leaked to the cloud there is no absolute way to secure it again.
If your internet connectivity is down, your access to the data/application/functionality is down (unless there is some offline capability built in). Some apps can tolerate this, but some cannot.
Cloud works by making many servers act as one, putting some close to the edge of networks you use. How do you know when one path becomes error prone causing your online presence to look like a broken piece of garbage? I know.. never happens... ha!

How do you do damage control if you don't even know this happens? Do you think you get a call every time someone has a problem or better yet do you think your cloud provider will tell you? No!!, and your customers just leave! Bad for business unless you have complete control, which you never can in the cloud.

How many times have you downloaded something from the net only to find it crawls, then you cancel the request and try again... and it works? Bet you are going to the cloud!

Cloud is cheap, but not a solution if you need something that is solid with full control. You still have to build your own upload network to make it work in any event.

Remember the days of peering arrangements? They still work but they cost more. Reason.. they are still better.. and you can see what is happening if you know how.

As the new cloud ages you will have more and more problems, not less. And no one will be accountable except you in your customer's eyes.

Oh, one more big con... for the receiver of cloud transmitted data..

Just one more way to load up nasty code to something, which now can be pushed globally in seconds!

Let's say is known to be viral. Do you know if is?
"How many times have you downloaded something from the net only to find it crawls, then you cancel the request and try again... and it works? Bet you are going to the cloud!"

That's actually a very good point. I remember reading about people who had extremely slow iTunes downloads while others were fast. People that had switched to Google's DNS servers were very slow because the iTunes servers tried to be geographically aware as a way of balancing load but everyone using Google's DNS servers seemed to come from the same location.
Backup has never been trivial. When you move your data "up" in the cloud - how do you:
1) Know that your backup is on physically different media than the original?
2) Test the integrity of the backup?
3) Perform a disaster recovery (e.g. to another cloud provider) ?
