How Secure is Cloud Computing?

Technology Review has published an interview with cryptography pioneer Whitfield Diffie that is worth reading. I had the great pleasure of presenting to Whit down at the Sun campus. He is a great scientist and a gentleman.

In this interview, Diffie–who is now a visiting professor at Royal Holloway, University of London–draws an interesting analogy between cloud computing and air travel:

“Whitfield Diffie: The effect of the growing dependence on cloud computing is similar to that of our dependence on public transportation, particularly air transportation, which forces us to trust organizations over which we have no control, limits what we can transport, and subjects us to rules and schedules that wouldn’t apply if we were flying our own planes. On the other hand, it is so much more economical that we don’t realistically have any alternative.”

Diffie makes a good point: taken as a whole, the benefits of commodity air travel are so high that it allows us to ignore the not insignificant negatives (I gripe as much as anyone when I travel, but this doesn’t stop me from using the service). In the long term, will the convenience of cloud simply overwhelm the security issues?

The history of computing, of course, is a history full of such compromise. Right now we are in the early days of cloud computing, where all of us in the security community are sniping at the shortcomings of the technology, the process, the legal and regulatory issues, and anything else that appears suspect. But truthfully, this is the ultimate low hanging fruit. Identifying problems with the cloud is effortless; offering real solutions is considerably harder.

Not surprising, Diffie offers a real solution, which is to look hard at trusted platforms. In the end, convenience will sweep over us all, so it is important to quickly establish the best secure baseline we can. The secure base for cloud computing needs to become like aircraft maintenance schedules–something that is a given part of the process and an important component that allows us to reasonably invest trust in the system as a whole.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s