Technology Review: January/February 2010, Feature Story
manage usability," he says. "If you want a perfectly secure system,
take a computer, disconnect it from any external sources, don't put
it on a network, keep it away from windows. Lock it up in a safe."
But not everyone is so sanguine. At a computer security conference
last spring, John Chambers, the chairman of Cisco Systems, called
cloud computing a "security nightmare" that "can't be handled in
traditional ways." At the same event, Ron Rivest, the MIT computer
scientist who coinvented the RSA public-key cryptography algorithm
widely used in e-commerce, said that the very term cloud computing
might better be replaced by swamp computing. He later explained that
he meant consumers should scrutinize the cloud industry's breezy
security claims: "My remark was not intended to say that cloud
computing really is 'swamp computing' but, rather, that terminology
has a way of affecting our perceptions and expectations. Thus, if we
stop using the phrase cloud computing and started using swamp
computing instead, we might find ourselves being much more
inquisitive about the services and security guarantees that 'swamp
computing providers' give us."
A similar viewpoint, if less colorfully expressed, animates a new
effort by NIST to define just what cloud computing is and how its
security can be assessed. "Everybody has confusion on this topic,"
says Peter Mell; NIST is on its 15th version of the document defining
the term. "The typical cloud definition is vague enough that
it encompasses all of existing modern IT," he says. "And trying to
pull out unique security concerns is problematic." NIST hopes
that identifying these concerns more clearly will help the industry
forge some common standards that will keep data more secure.
The agency also wants to make clouds interoperable so that users
can more easily move their data from one to another, which could
lead to even greater efficiencies.
Given the industry's rapid growth, the murkiness of its current
security standards, and the anecdotal accounts of breakdowns, it's
not surprising that many companies still look askance at the idea of
putting sensitive data in clouds. Though security is currently fairly
good, cloud providers will have to prove their reliability over the
long term, says Larry Peterson, a computer scientist at Princeton
University who directs an Internet test bed called the PlanetLab
Consortium. "The cloud provider may have appropriate security
mechanisms," Peterson says. "But can I trust not only that he will
protect my data from a third party but that he's not going to exploit
my data, and that the data will be there five years, or 10 years, from
now? Yes, there are security issues that need attention. But
technology itself is not enough. The technology here may be out ahead
of the comfort and the trust."
In a nondescript data center in Somerville, MA, just outside
Boston, lies a tangible reminder of the distrust that Peterson is
talking about. The center is owned by a small company called
2N+1, which offers companies chilled floor space, security,
electricity, and connectivity. On the first floor is a collection of a dozen
black cabinets full of servers. Vincent Bono, a cofounder of 2N+1,
explains these are the property of his first client, a national bank.
It chose to keep its own servers rather than hire a cloud. And for
security, the bank chose the tangible kind: a steel fence.
ENCRYPTING THE CLOUD
Cloud providers don't yet have a virtual steel fence to sell you. But
at a minimum, they can promise to keep your data on servers in,
say, the United States or the European Union, for regulatory
compliance or other reasons. And they are working on virtual walls: in
August, Amazon announced plans to offer a "private cloud" service
that ensures more secure passage of data from a corporate
network to Amazon's servers. (The company said this move was
not a response to the research by the San Diego and MIT group.
According to Adam Selipsky, vice president of Amazon Web Services,
the issue was simply that "there is a set of customers and class
of applications asking for even more enhanced levels of security
than our existing services provided.")
Meanwhile, new security technologies are emerging. A group
from Microsoft, for example, has proposed a way to prevent users
of one virtual machine on a server from gleaning information by
monitoring the use of shared cache memory by another virtual
machine on the same server, something that the San Diego and
MIT researchers suggested was possible. And researchers at IBM
have proposed a new kind of security mechanism that would, in
[Photo caption] CLOUD INFRASTRUCTURE: More and more computing services are
being delivered over the Internet. Behind the technology are huge remote
data centers like these two football-field-sized buildings that Google
operates in The Dalles, OR, shown during their construction four years ago.
(Photo credit: Craig Mitchell Dyer/Getty Images)