Perimeter
7/25/2011
08:03 AM
Jim Reavis
Jim Reavis
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Future Clouds: Centralized Or Decentralized?

The trend might be moving toward putting more eggs in fewer, more secure baskets

Risk concentration is one of the issues to consider as cloud computing evolves. The economies of scale that have brought cloud computing to where it is so far seem to point to further consolidation and the growth in size of a smaller number of mega data centers.

When Vivek Kundra, the outgoing federal CIO, spoke at the Federal Cloud Strategy at our CSA Summit earlier this year, my favorite slide in his deck compared the federal government to IBM in data-center consolidation. Whereas both had several hundred data centers in 1997, the federal government now has more than 2,000, while IBM has 12!

It seems as though the trend is toward putting more eggs in fewer baskets -- albeit more efficient and I believe more secure baskets. But is that truly the case? I can see Moore’s Law and management efficiencies continuing to support this trend, but I think the wild card is the cost of energy. It could very well be that this is the variable cost that upsets the apple cart, and the cost of cloud services might track the cost of energy over time.

In the U.S., many data centers have been built in eastern Washington and Oregon to take advantage of cheap hydroelectric power. It is easy to imagine a variety of events that could radically change the energy cost basis of a data center.

Greater decentralized clouds could mitigate this issue, and it is not hard to imagine more sophisticated versions of the cloud-brokering solutions of today helping customers move workloads around to lower energy cost data centers. If you take this idea to its extreme, the compute power of a few million smartphones could be pretty tremendous, and the energy costs are zero. Is it possible that the future of cloud will be a significant amount of mobile clouds?

Management costs could be higher for something like this, but there have been very good examples of well-managed distributed compute networks for years; my favorite is the botnet.

I don’t know whether this is the future, but I think we need to plan for this being a possible outcome. Clouds might include a lot of untrusted, low assurance infrastructure, and thinking of our security layers in completely virtual terms is very healthy. Building security into the applications, abstracting between the different technological layers, protecting the data wherever it might go, and instrumenting every entity (virtual machines, hypervisors, data stores, users, etc.) with identity management and nonrepudiated logging technologies is essential.

None of us really knows what the cloud might look like tomorrow, so think about implementing security in a way that allows us to take advantage of its future -- or some alternate futures.

Jim Reavis is the executive director of the Cloud Security Alliance, and president of Reavis Consulting Group.

Jim Reavis is the President of Reavis Consulting Group LLC, where he advises organizations on how to take advantage of the latest security trends. Jim has served as an international board member of the Information Systems Security Association and was co-founder of the ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0972
Published: 2014-08-01
The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write ...

CVE-2014-2627
Published: 2014-08-01
Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job execution via unknown vectors.

CVE-2014-3009
Published: 2014-08-01
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct ph...

CVE-2014-3302
Published: 2014-08-01
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.

CVE-2014-3534
Published: 2014-08-01
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a c...

Best of the Web
Dark Reading Radio