NNSquad - Network Neutrality Squad


[ NNSquad ] Securing the Cloud -- and the Trade-Offs Therein


               Securing the Cloud -- and the Trade-Offs Therein

                 http://lauren.vortex.com/archive/000657.html


Greetings.  A few days ago, I briefly discussed my belief that "cloud
computing" has and will have enormous promise, but I also expressed
the concern that some fundamental security and privacy issues -- while
solvable -- may not be sufficiently developed today to satisfy the
requirements of all potential users 
( http://www.nnsquad.org/archives/nnsquad/msg02492.html ).

I received quite a few comments, mostly asking in what circumstances I
believed that cloud computing is or isn't appropriate for any given
application.

That's a difficult question to answer succinctly, since user
requirements vary so widely, and the very concept of "cloud computing"
(as the term tends to get tossed around) covers a great deal of
territory -- storage, e-mail, real and virtual machines for general
purpose remote computing, and so on.

So right now I'll just touch on a couple of points.  As always, there
are lots of trade-offs involved in the selection of information
technologies.

One basic issue is the degree of privacy that you desire or require,
vs. the costs you're willing to pay.  For example, since most Internet
users have neither the capability nor inclination to run their own
mail servers (though significant numbers would do so if their ISPs
didn't forbid it!) it's common to host (at least part of the time)
your e-mail "in the cloud" -- e.g., on ISP servers, Google's Gmail, or
whatever.

Such remote e-mail hosting, whether accessed via POP, IMAP, Web
browsers, or other means, is different in key ways from local mail
storage.

First off, as long as the e-mail is on remote servers, it's likely
better backed-up than if it were just sitting on your own computer.  On
your own machine, statistics suggest that your mail and other data
likely aren't backed-up well or at all.  On the other hand, e-mail not
under your immediate control will likely incur a different (and in
some respects generally weaker) set of legal (privacy) protections
than e-mail stored on your own machine.

Does this really matter in practice?  The easy answer is yes -- but
that wouldn't be entirely accurate.  For many people, the trade-off
between reliable remote storage and comprehensive (e.g. Gmail) mail
handling features, vs. theoretical privacy concerns, may skew
heavily toward the cloud.  This may particularly be true for services
like Gmail that offer the option of full-time TLS (https:) secure
connections between user browsers and Google servers.  However, there
are other users who wouldn't want to store their e-mail remotely under
any conditions, for any period of time longer than required for
transit and delivery (with server-to-server crypto, at least of the
STARTTLS variety, when possible).

The honest analysis is that these sorts of decisions are very much
personal ones.  The key is to try to be sure that you fully understand
the implications -- both positive and negative -- of these choices,
and not to choose your applications and services solely on the
say-so of either boosters or detractors.

When you're mostly concerned with remote storage rather than remote
computing and processing per se, the situation can sometimes be a bit
more straightforward.

If you simply wish to store data securely and reliably "in the cloud,"
then there's no obvious reason why the service provider would
typically need access to the plaintext data or the means to decrypt
encrypted data.

Interesting work has been proceeding in this area.

The open-source Tahoe-LAFS project shows particular promise for
providing a cloud-based, encrypted, reliable remote system for storing
data -- much like a secure, distributed RAID environment 
( http://bit.ly/8kPZNm [Allmydata.org] ).

With the increasing sophistication of client-side applications
operating in advanced browser-based, server-supported cloud
environments, it seems likely that a range of applications beyond
"simple" storage will increasingly be able to function in modes where
the actual data will not need to be plaintext accessible to the cloud
provider.

But here again, there will be trade-offs.  Some functionalities will
likely perform more comprehensively or faster with server-based
processing requiring plaintext data availability.  Some valuable and
popular services that may be viably provided for free when users allow
plaintext scanning (e.g., of e-mail for ad displays) might not exist
or might need to be fee-based without such scanning.

In the future, it's possible that both the free and fee service models
will coexist in new contexts that don't exist widely today, perhaps
based on both service capabilities and user-selected privacy
paradigms.

It's undeniable that the future of computing is in the clouds.  But
the shape of Internet clouds, like the clouds fleeting across an azure
sky, is a process rather than a fait accompli.  Our sky gazing at
cloud computing has only just begun.

--Lauren--
Lauren Weinstein
lauren@vortex.com
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
   - Network Neutrality Squad - http://www.nnsquad.org
Founder, GCTIP - Global Coalition 
   for Transparent Internet Performance - http://www.gctip.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein