Perimeter
7/25/2011
08:03 AM
Jim Reavis
Jim Reavis
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Future Clouds: Centralized Or Decentralized?

The trend might be moving toward putting more eggs in fewer, more secure baskets

Risk concentration is one of the issues to consider as cloud computing evolves. The economies of scale that have brought cloud computing to where it is so far seem to point to further consolidation and the growth in size of a smaller number of mega data centers.

When Vivek Kundra, the outgoing federal CIO, spoke at the Federal Cloud Strategy at our CSA Summit earlier this year, my favorite slide in his deck compared the federal government to IBM in data-center consolidation. Whereas both had several hundred data centers in 1997, the federal government now has more than 2,000, while IBM has 12!

It seems as though the trend is toward putting more eggs in fewer baskets -- albeit more efficient and I believe more secure baskets. But is that truly the case? I can see Moore’s Law and management efficiencies continuing to support this trend, but I think the wild card is the cost of energy. It could very well be that this is the variable cost that upsets the apple cart, and the cost of cloud services might track the cost of energy over time.

In the U.S., many data centers have been built in eastern Washington and Oregon to take advantage of cheap hydroelectric power. It is easy to imagine a variety of events that could radically change the energy cost basis of a data center.

Greater decentralized clouds could mitigate this issue, and it is not hard to imagine more sophisticated versions of the cloud-brokering solutions of today helping customers move workloads around to lower energy cost data centers. If you take this idea to its extreme, the compute power of a few million smartphones could be pretty tremendous, and the energy costs are zero. Is it possible that the future of cloud will be a significant amount of mobile clouds?

Management costs could be higher for something like this, but there have been very good examples of well-managed distributed compute networks for years; my favorite is the botnet.

I don’t know whether this is the future, but I think we need to plan for this being a possible outcome. Clouds might include a lot of untrusted, low assurance infrastructure, and thinking of our security layers in completely virtual terms is very healthy. Building security into the applications, abstracting between the different technological layers, protecting the data wherever it might go, and instrumenting every entity (virtual machines, hypervisors, data stores, users, etc.) with identity management and nonrepudiated logging technologies is essential.

None of us really knows what the cloud might look like tomorrow, so think about implementing security in a way that allows us to take advantage of its future -- or some alternate futures.

Jim Reavis is the executive director of the Cloud Security Alliance, and president of Reavis Consulting Group.

Jim Reavis is the President of Reavis Consulting Group LLC, where he advises organizations on how to take advantage of the latest security trends. Jim has served as an international board member of the Information Systems Security Association and was co-founder of the ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2963
Published: 2014-07-10
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.

CVE-2014-3310
Published: 2014-07-10
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

CVE-2014-3311
Published: 2014-07-10
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

CVE-2014-3315
Published: 2014-07-10
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

CVE-2014-3316
Published: 2014-07-10
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.