Saqib Ali’s Techdirt Profile


About Saqib Ali

Saqib Ali’s Comments comment rss

  • Aug 12th, 2009 @ 9:22pm

    Progress can not be avoided indefinitely

    @ Folks who raised security / reliability / recovery concerns about Cloud Computing:

    NIST recently published a working draft of the Cloud Computing Security presentation. Some of the Security Advantages mentioned in the presentation are:

    1. Shifting public data to a external cloud reduces the exposure of the internal sensitive data
    2. Cloud homogeneity makes security auditing/testing simpler
    3. Clouds enable automated security management
    4. Redundancy / Disaster Recovery
    5. Data Fragmentation and Dispersal
    6. Dedicated Security Team
    7. Greater Investment in Security Infrastructure
    8. Fault Tolerance and Reliability
    9. Greater Resiliency
    10. Hypervisor Protection Against Network Attacks
    11. Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
    12. Simplification of Compliance Analysis
    13. Data Held by Unbiased Party (cloud vendor assertion)
    14. Low-Cost Disaster Recovery and Data Storage Solutions
    15. On-Demand Security Controls
    16. Real-Time Detection of System Tampering
    17. Rapid Re-Constitution of Services
    18. Advanced Honeynet Capabilities

    I understand that these will depend on the actual implementation. It usually does for everything. For e.g. you can create world's most secure cipher, but the poor implementation is usually the weakest link.

    But in theory, if cloud services are implemented properly, I think NIST's list of advantages hold true.

    As Professor David Deutsch would say, "Problems are Soluble. Problems are inevitable"

    No amount of precautions can avoid problems that we do not yet foresee. Hence we need an attitude of problem fixing, not just problem "avoidance". And it's true that an ounce of prevention equals a pound of cure, but that's only if we know what to "prevent". If you've been punched on the nose, then the science of medicine does not consist of teaching you how to avoid punches. If medical science stopped seeking cures and concentrated on prevention only, then it would achieve very little of either.

    The traditional Enterprise IT world is buzzing at the moment with plans on how to stop Cloud Computing from entering into the workplace. It ought to be buzzing with plans to reduce the security and privacy risks associated with Cloud Computing and improve data-portability and forensic capabilities. And not at all costs, but efficiently and cheaply. And some such plans exist, host-prood hosting[1], for example.

    With problems that we are not aware of yet, the ability to put right -- not the sheer good luck of avoiding indefinitely -- is our only hope, not just of solving problems, but of making technological progress.

    (the above is based on a talk by Professor David Deutsch on problem avoidance)