Another great article on Technology Review MIT, this time about cloud computing. Together with the 2 documents i posted earlier today on innotribe.com this should give the average IT literate reader a good overview of where we stand end 2009/begin 2010.
The clientele for Amazon’s cloud services now includes the New York Times and Pfizer. And Google’s browser and forthcoming operating system (both named Chrome) mean to provide easy access to cloud applications.
The focus of IT innovation has shifted from hardware to software applications
But not everyone is so sanguine. At a computer security conference last spring, John Chambers, the chairman of Cisco Systems, called cloud computing a "security nightmare" that "can’t be handled in traditional ways."
A similar viewpoint, if less colorfully expressed, animates a new effort by NIST to define just what cloud computing is and how its security can be assessed. "Everybody has confusion on this topic," says Peter Mell; NIST is on its 15th version of the document defining the term. "The typical cloud definition is vague enough that it encompasses all of existing modern IT,"
Given the industry’s rapid growth, the murkiness of its current security standards, and the anecdotal accounts of breakdowns, it’s not surprising that many companies still look askance at the idea of putting sensitive data in clouds. Though security is currently fairly good, cloud providers will have to prove their reliability over the long term
Cloud providers don’t yet have a virtual steel fence to sell you. But at a minimum, they can promise to keep your data on servers in, say, the United States or the European Union, for regulatory compliance or other reasons.
But fully ensuring the security of cloud computing will inevitably fall to the field of cryptography. Of course, cloud users can already encrypt data to protect it from being leaked, stolen, or–perhaps above all–released by a cloud provider facing a subpoena.
To find and retrieve encrypted documents, groups at Carnegie Mellon University, the University of California, Berkeley, and elsewhere are working on new search strategies that start by tagging encrypted cloud-based files with encrypted metadata.
"For me," Zittrain says, "the biggest issue in cloud security is not the Sidekick situation where Microsoft loses your data." More worrisome to him are "the increased ability for the government to get your stuff, and fewer constitutional protections against it; the increased ability for government to censor; and increased ability for a vendor or government to control innovation and squash truly disruptive things."