Cloud Computing & SecurityCloud Computing & SecurityBackgroundCloud Computing has become the latest technology buzzword. Everyone wants to be a part of the âalmighty cloudâ and be able to access all of their personal data anytime, anywhere that they see fit, even if the average person does not completely understand the concept behind it. Although this has just recently become a household term, the theory behind cloud computing has been around and used for several years. In this article, I will be referring specifically to cloud computing used for storage of data, not computations.
The idea of cloud computing is for information, software, and resources to be shared across a network, generally with a centralized API. The information is either stored on a main server or servers but can be accessed and changed across all cloud clients. The typical personal computer is limited to the information that is specifically installed on that one unit (or so people think). But even this unit has the potential to access the data kept on a cloud server by using applications or a web browser. And this access is the same for all devices that connect to a cloud server.
Now the first thing a person may ask is why this is necessary or helpful. A quick way to answer this is to ask the person how many devices they normally use on a given day. Ten years ago, it was not uncommon for a person to own a cell phone, a pager, a palm pilot, an iPod, and a computer (or multiple computers). Each device has a very specific function but the limitations were a lack of data convergence. If you wanted the contacts you kept on your cell phone, put onto your palm pilot or your computer, you had to go to great lengths to sync them. Sometimes you had to purchase special software and take several hours of tweaking to do it. Not only was this time consuming, but also ineffective, since this process had to be repeated every single time you made a change to one of the devices. With the use of a cloud server, you have one place that your data is kept and all the devices in turn sync to the cloud, keeping every device up to date and consistent. This is a wonderful concept.
What the Risks AreThis unification comes at a price. One big problem is that the user has to rely on whoever owns and maintains the cloud server, to store and protect their data. The user no longer has control over where this data is being stored, how effectively itâs being protected, if at all, or who has access to it. Users assume that their data is safe and wonât be exploited, but we are far too trusting. Weâve traded ease of use for a higher risk of theft. And the idea of a secure cloud server is being pushed onto the individual users, as their problem to fix and maintain. Usually, without the user knowing this responsibility is now theirs. So now if a problem does occur, the user is left to fend for
The Problem
One of the problems in the RISC is that the user doesnât necessarily have enough ability to control the server, and that this often becomes a concern for the users. Some of the developers of OpenStack in particular found this very disturbing.
First there was the decision to make sure that the user did not have to give up “secure control of their data.” Then also the decision to make the user sign up for an OpenStack group. Then there were a variety of other decisions. But it was clear that the users needed that control as a resource, as part of all the other things that they did from those days. And there was little concern about the security of these group members, especially because some of the members were the employees of their company and the groups were also the users of OpenStack and other open source software.
It also struck me that this meant that it could be a “hashed set of rules,” meaning the users were required to have the authority of a single person, like if for example your home or a business were built with your company’s customer key. In some circumstances, in cases where it should be a “secure group” it was. And I think about every day you have a number of scenarios where there is only one person doing the task, but even with those situations you can’t really give up everything.
So there is a real debate about whether to make the user sign up for these organizations. I think ultimately it boils down to a trust issue, and to create trust and trust is a way to create that. So, I think that this is what the RISC should have done. OpenStack now provides both an open and a secure environment for the users by helping them to understand what is best for both of them and how to deal with all the issues that come with creating trust and trust in an open environment. There’s no need for users to have a “stealing and protecting” tool on their desktop, or having a “bidding and receiving mechanism” for using a server is not something that can just be replaced by a desktop software component or other hardware mechanism. In other words, no one with a good sense of security should be using a desktop because all the tools at the root of the problem is only open.
That’s really why I think what we need in the system administrator’s role will be to open an account with another public key. That is, if there are any “security” concerns when you have access to that third-party system key you should just go ahead and use your own private key. Any of the software that comes with OpenStack is fully free from security concerns. You could even encrypt all that