TR: If a full cryptographic solution is far-off, what would a near-term solution look like?
WD: A practical solution will have several properties. It will require an overall improvement in computer security. Much of this would result from care on the part of cloud computing providers--choosing more secure operating systems such as OpenBSD and Solaris--and keeping those systems carefully configured. A security-conscious computing services provider would provision each user with its own processors, caches, and memory at any given moment and would clean house between users, reloading the operating system and zeroing all memory.
An important component of security will be the quality of the personnel operating the data centers: good security training and appropriate security vetting. A secure data center might well be administered externally, allowing a very limited group of employees physical access to the computers. The operators should not be able to access any of the customer data, even as they supervise the scheduling and provisioning of computations.
TR: Would any public-policy moves help or hurt the situation?
WD: A serious potential danger will be any laws intended to guarantee the ability of law enforcement to monitor computations that they suspect of supporting criminal activity. Back doors of this sort complicate security arrangements with two devastating consequences. Complexity is the enemy of security. Once Trojan horses are constructed, one can never be sure by whom they will be used.
I find Cloud Computing secure, since you don't have to depend on computers and hard disks to store your data.
It prevents your data from crashing as well as from computer and internet viruses.
Who Has Access & What They Have Access To
Diffie raises a good analogy, "know who you hire" for you know not what they do when they have access to your data. Choosing the cloud computing supplier should consider at least the following:
Contract that permits the customer to audit, on-request but no less than once per year:
1. all virtual and physical access to the physical environments where your data are kept (SAS70 at least)
2. background screening of any employee or contractor who has had responsibility for back-up or restore of your data, with a hold-harmless to you if something is found and prosecuted
3. right to pursue permissible legal action for any supplier employee or contractor wrong-doing if found by the cloud supplier or your audit team
4. notification, within the context of applicable law (state/federal), of your legal department for any confirmed breach into your data (query or removal)
5. cloud computing supplier maintains security monitoring logs of all access to your data and documents access as routine, random audit, or suspicious leveraging their prescribed scripts and operational procedures as the basis for all audit, for no less than 7 years
6. off-site back-up for disaster recovery and/or business continuity must be encrypted and all vendors must subscribe to ALL security measures above, without exception, including the audit
Diffie begins to surface the most misunderstood issue about security for the cloud - those who have access must be trusted. As Reagan said, "Trust, but verify" can't be minimized here as the passion to reduce cost and improve efficiencies must guard our most basic liberties, including protection of identity for consumers/patients.
I also believe that the phrase "swamp computing" is truly a better description of the potential snakes and gators who may cause serious harm in the Cloud due to lack of personal or corporate safeguards.
I trust the cloud owners' security more than my neighbors...
Overcoming a cloud’s high walls is difficult, hacking a weak, personal computer to become an insider is far easier. The Software Protection Initiative (spi.dod.mil) has found that unmanaged end-nodes (e.g. the millions of users connecting from a wide range of questionable devices) pose the greatest risk to the cloud.
So what to do? SPI has developed a range of solutions; the most widely used being the free LPS-Public (http://spi.dod.mil/lipose.htm). LPS-Public creates a temporary, trusted Internet end-node from pristine media on almost any computer. For almost a decade, SPI has been the US Department of Defense’s program responsible for R&D to instill trust into common, commercially available systems.
Feeling secured about Cloud Computing
I was highly confused to be added with cloud computing. Having gone through so many articles from different sources on the net, now I feel free as it has become clear to me that the seamy side is negligible. This review site is a great help, readers can also find information on http://www.techyv.com/article that was useful to me.
ArcAnge1M
Security Solution
Check out M2MI for a comprehensive cloud security solution.