Capping IT Off

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

Clean Clouds - how to secure utility computing

Category : Cybersecurity

So, I can use my home broadband which gives me a reliable 10Mbps for £10 per month ... or I can use a corporate network which gives me a slightly less reliable 100Kbps for £200 per month or more ... Most corporations don't build great IT infrastructures but, luckily, they don't have to, any more than they have to generate their own power or build their own road networks. As the above comparison shows, there are staggering cost savings available if we can solve the security and integration issues of cloud computing. We need what I call Clean Clouds - computing utilities with security built in. What does that mean - specifically, what do businesses need from Web 2.0 that individuals don't? Here is an incomplete list of ideas:

  • Legal and liability - if my business used a cloud and the cloud fails, who can I sue? People are still trying to back-to-back their liabilities but I don't think this works with utilities. This type of risk needs to be accepted, or transferred through insurance.
  • Identity - how can I separate out my assets and users from others on the same cloud? This can be solved by federation, which is now a reasonably mature technology.
  • Information control - how can I enforce the right security and information lifecycle controls over my information when it's stored in the cloud? Actually, there are two problems here. The first is that information access policies must be much more accurate and much more complex when they cover cloud objects. There are tools available now to do this - think of the XACML standard for encoding security policies. However, I don't think this is something that most organisations will be able to do for themselves - instead, policy development for cloud objects should itself be a cloud service. The second is that organisations need a variety of services, such as bulk upload/download, that individuals don't. This has to be solved by the market in conjunction with standards organisations.
I wish I could say that this is all new, but I can't. This is all de-perimeterised security as proposed by the Jericho Forum.

About the author

John Arnold
