Following on from my previous post about storage in the cloud, the topic of content security, (aka how do you secure what is already stored in the cloud?), seemed like a natural next stop, hence this post no. 3 in the cloud series. What does it take for content to be deemed secure in the cloud and can it really be so?
Many months ago, I reviewed a book (for the BCS, Chartered Institute for IT), which dealt with the topic of cloud security, and I recall that although the book’s titular topics of Cloud Security and Privacy was very apt, it did not take a lot of reading to get the gist that security touches every aspect of cloud, right from initial login to choice of service provider and beyond. You may be forgiven for thinking that once your content is deposited in a secure cloud location, e.g. in a highly redundant, uber-secure, private cloud provided by a certified defence contractor, then it must be secure right? Wrong.
The content, and not just the location, is what needs securing. The age old concept of perimeterised security, such as can be found within firewalls, does not apply well to distributed cloud services, hence the need for the actual stored material to have it’s own inherent security (be it encryption, obfuscation, DRM etc.). What really matters is how the material is protected from intentional or accidental leakage.
Several methods or techniques are in use today by cloud service providers to secure the content stored within their services, and just like most things in cloud, you may even get a choice of how locked down you want it to be. Again, I mean locked down as in the actual content, and not the cloud.
One of the more promising systems, spearheaded by the video content industry (and Digital Entertainment Content Ecosystem), is the cloud based digital rights locker system known as Ultraviolet, which allows users to buy content once and allow playback across any supporting platform / device. More information about the alliance and partners can be found here.
The key challenge is typically around content usage, and perhaps more importantly, the users intent. The use of otherwise secured content once released / accessed can often introduce an element of risk of leakage which spans anything from intentional copy and distribute (e.g. via the so called analog hole), to accidental misuse or malicious hacking. The impact of content leakage in the cloud can be devastating for content industry players that rely on revenue from their content investments.
The next post on this series will be looking very closely at the challenges facing copyright in the context of the cloud, and I hope to be able to bring back some insight from the rather timely Copyright and Technology 2011 conference, which I am attending today.
Note: This post is brought to you in partnership with Intel(R) as part of the “Technology in tomorrow’s cloud & virtual desktop” series.