The Importance of My Cloud Data

  • 'cloud' can mean different things.

    Our parent corporation has a privately run 'cloud' and the different divisions are more and more moving their processes and data there. What is different about this is that the data professionals at that location are directly responsible to our corporate management, not to Google or Microsoft.

    ...

    -- FORTRAN manual for Xerox Computers --

  • GSquared (1/13/2011)


    ...

    Legend has it (might be true) that there was a guy who, in the 1930s in the US, became certain that war was going to break out and that the US wasn't safe any more from potential aggressors like Japan and Germany. So he scoped out his options and picked the safest place in the world to move to, an island lost in the vastness of the Pacific Ocean, practically unknown, barely on any maps, uninhabited, and in all other possible ways, "secure". The island's name? Iwo Jima. (Look it up if you somehow missed that one in history classes.)

    ...

    According to Wikipedia, Iwo Jima island is just a few hundred miles off the coast of Japan, already had a population of about 1,000 prior to WW2 including a Japanese naval base, and it's actively volcanic. Either this article has its facts wrong, or that guy didn't do enough research.

    http://en.wikipedia.org/wiki/Iwo_Jima

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Eric Russell 13013 (1/13/2011)


    GSquared (1/13/2011)


    ...

    Legend has it (might be true) that there was a guy who, in the 1930s in the US, became certain that war was going to break out and that the US wasn't safe any more from potential aggressors like Japan and Germany. So he scoped out his options and picked the safest place in the world to move to, an island lost in the vastness of the Pacific Ocean, practically unknown, barely on any maps, uninhabited, and in all other possible ways, "secure". The island's name? Iwo Jima. (Look it up if you somehow missed that one in history classes.)

    ...

    According to Wikipedia, Iwo Jima island is just a few hundred miles off the coast of Japan, already had a population of about 1,000 prior to WW2 including a Japanese naval base, and it's actively volcanic. Either this article has its facts wrong, or that guy didn't do enough research.

    http://en.wikipedia.org/wiki/Iwo_Jima

    Or, more likely, it's just a legend (as originally indicated), and has a similar facility to Aesop's Fables for illustrating a point about planning for the unplannable.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

  • GSquared (1/13/2011)


    Or, more likely, it's just a legend (as originally indicated), and has a similar facility to Aesop's Fables for illustrating a point about planning for the unplannable.

    If it's a fable, then I guess the moral of the story is: if you try to run from your fears, then you're likely to run straight into the thing that you're afraid of, so it's best to stand your ground and fight.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • john.richter (1/13/2011)


    ...

    With cloud storage it is likely that even the rough calculation of what I call an "insecurity quotient" may be impossible for a customer to know.

    ...

    You have a good analysis, John, but it seems to have the tone that assumes the cloud is less secure. I agree with what you are saying, just not sure that the way you say it actually is helping us better understand.

    The statement I've quoted above is the one I like best. It is definitely a problem in any scenario, and cloud providers would be better served if they were very open about what the paths and access are, as well as what steps they have taken (insurance, bonding, etc) to ensure security.

  • Steve Jones - SSC Editor (1/13/2011)


    I agree with what you are saying, just not sure that the way you say it actually is helping us better understand.

    Steve, I'll try this one more time.

    Just about everyone is familiar with the concept of mean time between failures, and that the MTBF of each component compounds with that of all other components to result in (often) dramatically lower MTBF of the entire system. For a very simple example, and to refresh our memories, a system with four components, each with a MTBF of 100 hours, has a system MTBF of 25 hours.

    A similar concept exists for security, mean time to compromise. However, as a little of one’s own noodling on the subject will show, arriving at MTTC numbers is much more difficult than the estimates used for component MTBF, and this conclusion is backed up by those who have tried to quantify the risk.

    What we can know, however, is that each part of a data system, be it the user, the user’s interface to the data—typically a PC, the various segments of the network, the various network routing, switching, and control devices, the data storage devices, the host system(s), and all of the software components of each of these do represent risk—they can be compromised. On complex single components, such as a Windows PC, this risk goes down to the software module and function level.

    Moreover, when dealing with the distribution of data, the compromise need not be involved in an attempt to breach further into the system—that is, to compromise additional components. The compromise at whatever point may be sufficient for access to the data desired. An account and password at a remote PC may be all that’s needed. Or a tap at an unguarded line or switch. Or a flaw or missed threat in an antivirus program. Or an unlocked terminal in the data center. Or a buffer overrun in an internet browser. Or ...

    Worse, while redundancy can increase availability so far as system uptime is concerned, as regards security, it increases risk. Even components that one might not bother to count as part of a system MTBF, such as a single PC failing out of a hundred, still have to be calculated in the mean time to compromise. That single PC may be immaterial so far as the system going down, but any one of them can serve to compromise the data.

    What this says is that the more complex and distributed the system, the more opportunities there are for security failure. We don’t need to have even the estimated numbers for MTTC to know this much.

    Given the same reasonable care and concern for security, the less accessible, localized or contained system will translate to fewer chances for compromise and will have the probability to be more secure than the system with hundreds or thousands more components accessible from anywhere.

    So, given all this, yes, I think the cloud is inherently less secure.

    A footnote: Someone made the reference to John Dillinger, citing Dillinger as evidence that vaults were not efficacious. To be clear, Dillinger was a bank robber, not a safe cracker. I don’t see anywhere that he ever attempted to open a vault on his own. He used secondary access, bank employees usually, gaining cooperation, sometimes with trickery, and the rest of the time with the business end of a gun. It can be said that Dillinger did not compromise vaults. He compromised other parts of the system to get what he wanted.

    Vaults, by the way, are rated by their mean time to crack—well, that’s not the term the safe industry uses, but it’ll do. It seems everyone serious about the security business at least tries to measure risk.
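
The MTBF arithmetic above, and the claim that redundancy helps availability but hurts mean time to compromise, as an added worked example (editorial illustration, not code posted in the thread). It assumes the usual constant-hazard model, in which each component's failure or compromise rate is the reciprocal of its MTBF/MTTC and the rates of independent components add for a system that is broken or breached as soon as any one member is; the component figures are constructed for the example and are not measurements of any real product.

```python
"""Series-system MTBF and the analogous mean time to compromise (MTTC).

Added editorial example, not from the original thread.  Assumption: every
component has a constant hazard rate (exponential lifetimes), so a
component with mean time m has rate 1/m, and independent rates add for a
"fails or is breached if ANY member is" system.  All component figures are
constructed for illustration.
"""
from math import exp, prod


def series_mean_time(mean_times):
    """Mean time until the FIRST of several independent components fails or
    is compromised.  Rates add: lambda_sys = sum(1/m_i), mean = 1/lambda_sys.
    The thread's example, four components at 100 h each, gives 25 h."""
    return 1.0 / sum(1.0 / m for m in mean_times)


def p_any_compromised(mttc_hours, horizon_hours):
    """Probability that at least one component is compromised within the
    horizon.  Every extra reachable component raises this, whether or not
    it matters for uptime (John's 'one PC out of a hundred')."""
    p_none = prod(exp(-horizon_hours / m) for m in mttc_hours)
    return 1.0 - p_none


def p_available(mtbf_hours, horizon_hours):
    """Probability that a parallel-redundant group still has at least one
    working member at the horizon: the group is down only if ALL fail."""
    p_all_failed = prod(1.0 - exp(-horizon_hours / m) for m in mtbf_hours)
    return 1.0 - p_all_failed


def redundancy_tradeoff(mean_time, copies, horizon_hours):
    """Same component, replicated `copies` times, with identical MTBF and MTTC.
    Returns (availability, probability of at least one compromise)."""
    group = [mean_time] * copies
    return p_available(group, horizon_hours), p_any_compromised(group, horizon_hours)


def weakest_link_effect(strong_mttc, strong_count, weak_mttc):
    """System MTTC when many strong components share a system with one weak one
    (e.g. an ordinary PC).  The result is always below the weakest member."""
    return series_mean_time([strong_mttc] * strong_count + [weak_mttc])


if __name__ == "__main__":
    # The thread's worked figure: four components, 100 h MTBF each.
    print("4 x 100 h -> system MTBF %.1f h" % series_mean_time([100] * 4))

    # Redundancy: one vs. two front ends, 1000 h MTBF and MTTC, 100 h horizon.
    for copies in (1, 2, 3):
        avail, breach = redundancy_tradeoff(1000, copies, 100)
        print("%d copies: availability %.4f, P(any compromised) %.4f"
              % (copies, avail, breach))

    # Ten hardened hosts (10000 h MTTC) plus one ordinary PC (200 h MTTC).
    print("weakest link: system MTTC %.1f h" % weakest_link_effect(10000, 10, 200))
```

The redundancy loop is the point of the post in numbers: each extra copy pushes availability toward 1 while the chance that at least one copy is breached keeps climbing, because for compromise the copies are in series, not in parallel.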

  • You have a good explanation, John. Just not sure that it's entirely valid to paint a paradigm or framework as "less secure" with a broad brush.

    The flip side is that you concentrate resources, with fewer, potentially (though not necessarily) better trained people that protect things better. Not saying that you are wrong, but that you are painting a scenario that doesn't necessarily assess the positives as well as the negatives.

    Given past history, and we went through this in many cases with web servers, the ASP/outsourced/"cloud" providers have performed in a mixed role. Plenty of non-hosted environments have resulted in security breaches.

  • Steve Jones - SSC Editor (1/14/2011)


    Given past history, and we went through this in many cases with web servers, the ASP/outsourced/"cloud" providers have performed in a mixed role. Plenty of non-hosted environments have resulted in security breaches.

    Point taken. I did leave myself this out: "Given the same reasonable care and concern for security ..."

    What frightens me most about broadly available systems is this historical footnote: In WWII, both the German and the Japanese most secret codes were broken, almost from the start or even before hostilities. Neither the Germans nor the Japanese suspected this or believed it possible. The Allies were very careful to keep their decryption ability secret, using it only when the results could be explained by some other circumstance. In other words, the Allies were very serious and very professional in their cracking.

    In our business today, what I see is news about what I believe are the amateur crackers. I do have to wonder: What are the pros doing?

  • The pros are cracking our systems and selling information!

    We ought to have this discussion, and the best thing that can happen is better disclosure and more openness about how security is implemented, or more importantly, monitored.

  • Steve Jones - SSC Editor (1/17/2011)


    The pros are cracking our systems and selling information!

    We ought to have this discussion, and the best thing that can happen is better disclosure and more openness about how security is implemented, or more importantly, monitored.

    If someone hacks into the corporate database for a retail chain, then all they have are credit card numbers and personal identifying items, which can be mitigated by getting a new account number and credit report monitoring. However, storing operational data in a 3rd party cloud increases the opportunity for a catastrophic security breach. You'd have medical, financial and consumer data for millions of people all in one basket. It would be like pirates targeting a flotilla of Spanish Galleons.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • This is an interesting little discussion bubbling along here.

    John's security points are well made, but I agree with Steve that these can apply equally well to 'internal' servers. After all, the 'cloud' is really just a collection of internal servers.

    While exposing these to the internet definitely adds surface area for attack, history would show that there is an extremely non-linear relationship between surface area and MTTC. If all traffic is encrypted (essentially a VPN), then the risk may not be heightened too greatly over internal services.

    I read with interest the SQLServerCentral article a while back on how one company had essentially NO IT standards, and how it made them extremely resistant to attack, since different servers ran different protocols, OSs, etc, had different admins, so only a few machines were vulnerable to a given attack.

    We do tend to run IT as a monoculture with cloned PCs, which like agricultural monocultures are quite vulnerable to a single attack vector. (In keeping with John's digressions, apparently every Cavendish banana plant in the world is cultured from the same ancestor - they are essentially clones, and experts say that it is just a matter of time before some disease literally eliminates - to extinction - that variety of banana. This has happened before with other varieties.)

    So in keeping with the well hallowed 'it depends', I would say a critical issue is: how many servers are run in a monocultured 'enclave', and to what degree are the data stores and delivery mechanisms kept separate, not only for different applications but for different clients?

    It would be possible to actually run a set of cloud services as completely independent operations with separate data stores, while making it look as if they were part of a single integrated whole.

    The point was made earlier, though, how do you assess what systems your vendor is using ?

    Could it be true that the most secure 'cloud' systems could be completely transparent, with publicly documented and verifiable architecture, in the same way that secure encryption algorithms are public and this decreases their effectiveness not one jot?

    The conclusion might be that 'Security by obscurity' is a tempting addition to the mix, but ultimately not a desirable ingredient.

  • John:

    You're right, and wrong, both at the same time.

    First, yes, concentrating resources CAN result in greater security. However, one of the key principles of higher level security planning is distribution of targets.

    To go back to your vault analogy: A huge vault can be very, very secure, but if it ever is penetrated, EVERYTHING in it is lost.

    So, if all of a company's data is stored in a single, high-security location, with all servers, software, personnel, the facility itself, all following best security practices and constantly alert to new threats and attack vectors, they are secure, but any breach at all pretty much means they're toast.

    Another company, even with less stringent security practices, with half its data in "the cloud" and half in local storage, is only going to lose half if someone breaks either system. Now, go to an extreme and have data in multiple "clouds" (multiple providers), and you can mitigate losses to the point where hacking any one system can be rendered completely useless.

    But all of this ignores EXACTLY what I brought up with Dillinger. You don't have to hack the system. Take a look at the major data losses by companies over the last 10 years, and the number where external hacking was a major factor is completely lost in the noise. As you mentioned, he used people as a bypass into the vault, and most modern data criminals use people as a bypass into the data.

    Focusing attention on "is the cloud less secure" actually takes attention away from the most important security consideration, which is and always will be authorized users, which actually reduces overall security. Want to reduce security? Try distracting the guards. Distracted guards, paying too much attention to the security footprint of "the cloud" are more likely to miss that the CEO's Executive Assistant, Bob, is selling company info, than otherwise. "Hey look! Our localized, high-security, single-location server just successfully repelled another malware download from someone's e-mail," may sound like good news, since it means the "guards" are alert and paying attention, right until they read in Newsweek that their sales team lost the third laptop with customer data on it this week, exposing thousands of credit card numbers to, well, everyone.

    So, yes, the cloud is inherently less secure to the degree that it opens more channels for data access. But how much less secure? What percentage of security attention should be on that, versus on personnel issues?

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

  • I actually like Bruce Schneier's solution better. We will get hacked, we will have data breaches, so we ought to have better monitoring. Better analysis of what is happening.

    To me, whether that's the cloud or internally, we need to have better monitoring.

  • I agree with you Steve. While I understand the concept of the cloud, I'm not certain that I'm ready to relinquish the control and responsibility of my (my employer's) data, which just happens to be my livelihood. I view the cloud scenario as being very similar to the scenario of letting someone else manage my money. If I trust the wrong advisor and he fails, then I have only myself to blame. While I do believe that the cloud has its place and even its advantages in certain situations, I'm not yet convinced that it's a good platform for mission critical applications or sensitive data.

  • One caveat here, it might be good for some things. So maybe you want your remote application to look up product information from a cloud db instead of coming back to your OLTP database. It might be a better way to achieve performance, and only come back to your on-premise database for inserts/updates or orders.

    I love the technology, however, and I want to see cloud-service type software in my data center.

Viewing 15 posts - 31 through 45 (of 45 total)