The ramping up of the Open Cloud Initiative (OCI) brings to light an important security issue that makes the development of a federated cloud framework essential. The corporations and governments that will use these services will not only want to be able to move services from one cloud supplier to another but, more importantly, they will want to use several suppliers.
As has been seen from recent hacks, putting all your data within a single third-party’s cloud infrastructure leaves everything open if the chosen supplier is breached. It would be foolhardy not to spread the risk by storing data and applications with several suppliers.
It’s a question of trying to reach critical mass which, in this case, simply means grabbing the lion’s share of the market before the users stop to think about what the lock-in means. The ambitions of the suppliers and their shareholders’ desire for profits conflict with the actual needs of the customers.
When I have used the “lock-in” phrase in the presence of cloud vendors, they deny there is anything stopping users from moving elsewhere. Though there is truth in this, the problem is the manner in which that move has to be made. It could mean being given a carrier bag full of optical discs with CSV files to take to your next supplier – hoping to sort things out before the business starts to miss the information source. It’s unlikely to be as crude as this, but the problem is real.
To have data in one place and applications in another allows some kind of freedom but we’ve yet to see a true mechanism for making it work without introducing serious latency problems.
From a security angle, it would be better to split a single body of data across several providers. If a hacker should then find a vulnerability in one system, the damage would be limited to a subset of the database and not the whole information store. Equally, if a site experiences a major distributed denial of service attack, at least some of the data will be available which could minimise the damage.
Hacking is a professional market, with gangs pooling their resources to wage a kind of guerilla war and nation states funding disruptive or espionage attacks. With such great, dark powers ranged against them and the import of increasingly mission critical data, the cloud providers are set to become major targets and a successful breach is only a matter of time.
It would be interesting to see tolerance levels tested. Is the inconvenience of a data breach in the cloud enough to make a corporation move to a new supplier or will the event be shrugged off in the face of the further disruption that would be caused and the financial gain accrued from any penalty clauses?
While the current cloud silos exist, I would argue the customer is running a risk that is beyond acceptable. Vulnerabilities will be found and exploited as new techniques are discovered or as cloud employees are handsomely bribed or blackmailed into the service of the miscreants.
Standards development and interoperability are welcomed – though the number of “standards” is increasing rather than consolidating – but these new bodies have yet to prove their worth by gaining the membership of all the big players. Perhaps it is time for citizen power or corporate push to force the issue and combine their clout into a mighty blow that will knock some greater sense of responsibility into the cloud providers.
cloud can boost our business trend
Weirton Area Port Authority - Yes Cloud computing has several significant advantages, leveraging the cloud lowers individual entities' cost in software and IT Support, allows for quicker implementations, real time software upgrades, better tools, etc. However, it also has significant drawbacks: Time consuming and difficult to change software providers, or move to new cloud hosting providers as it increases risk of disruptions - similar to contract manufacturing as it is possible to move, but there would need to be significant problems before it would justify a change in suppliers, meaning more problems become acceptable. Hacking or collapse of your cloud supplier could significantly harm your business, hacking into your data, requires contract language as to the consequences of the cloud provider who are very reluctant to any peripheral or consequential damages above the cost of the cloud services, which could be infinitesimally small when compared to the problems caused by the compromise - government cloud break for example. So additional flexibility and solid exit/change strategies need incorporated into the contract language.