Sunday 31 January 2010

Security in the Sky with Diamonds

A new colleague asked me recently how I felt about “all the security issues in the sky”. At first, I wondered if I had missed a news story about break-ins at Rupert Murdoch’s satellite TV network. After a little probing it transpired that when she talked of “sky computing” she meant “cloud computing”. Ah, at last we were finally on the “same page”.

It is hard enough explaining what “cloud computing” is to some not in IT. It is even more challenging to teach them about the underlying security issues. There is a range of cloud models, from remote hosting to SaaS, but I like the definition of cloud computing that I learned from William Fellows of the 451-Group:
“A cloud is formed upon automatically managed, flexible shared infrastructure, where users help themselves to services via an access API with a per-use pricing model.”
I like to call this the “Pay-per-drink” model of cloud computing. Examples of current cloud computing providers include GoogleApps and Amazon Web Services. Many applications already exist running in the cloud and vary from personal finance management services/sites to security log analysis services. William Fellows also highlights the many barriers to adoption for cloud computing – the key issues are Security, Regulatory Compliance, and Retail Payment methods.

As with all IT systems, there are challenges in applying the usual C-I-A thinking of security (Confidentiality - Integrity - Availability) to systems deployed using the cloud computing model. For me, security is about ensuring that systems can only do what you want them to do – and enforcing that they can do no more. Attacks are typically users doing things in the systems that you don’t want – either because access controls are weak or inappropriate, or due to appalling application development whereby the functionality of the deployed system goes beyond what was expected.

Back to sky computing – I am not sure whether the sky is falling or the clouds are lifting (apologies for the appalling puns); maybe as 2010 unfolds it will all become clear.