Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/16/2009
03:28 PM
50%
50%

Myth-Busting: Quelling 7 Cloud Computing Fears

Concerned about data privacy and single points of failure, among other cloud worries? Get ready to put your fears to rest

What is it about "the cloud" that has people, well, getting their heads up in the clouds over it? Almost no other IT innovation in recent memory has engendered this much enthusiasm -- and furor, and confusion, and outright misunderstanding.

The cloud isn't exclusively a cure-all or a calamity in progress; neither is it a savior or sinner. It's a new tool for solving emergent problems, and like every new hammer in someone's hands it can make everything look like a nail.

In this piece we'll examine many of the current myths -- good, bad, and bogus -- about cloud computing. Many are borne by simple ignorance or inexperience. Others are legitimate criticisms in the guise of gripes. And some are entirely too on target, and need to be nipped in the bud by prospective cloud-creators before they get bitten by them.

1. Compatibility Issues

Myth: Cloud computing is too proprietary.

At present, no two clouds are alike -- both in nature and in IT. Amazon's cloud platform is nothing like Google's, which is nothing like Microsoft's, which is nothing like and you can insert the name of any other up-and-coming cloud provider here.

And yet "proprietary" has not proved to mean "useless" -- not by a long shot.

Think back to the early days of the personal computer. The first wave of PCs were all from different makers, used different hardware, and weren't remotely cross-compatible. Programs written for the Apple II weren't assumed to have any interchangeability with the Atari, the Amiga, or even the IBM PC itself.

What few common platforms that existed -- e.g., CP/M -- were largely for the sake of porting and running existing applications to those platforms, rather than for creating a crossbar of compatibility among them. None of this stopped a remarkable amount of development from taking place -- and the various platforms were able to compete heavily based on their differences.

Granted, the situation today is totally unlike that. People expect a great deal more cross-compatibility as a matter of course -- between devices, between applications, between platforms and environments. What's most proprietary about the platforms isn't so much the way they work on the inside as the fact that talking to each cloud, getting data into and out of each cloud, and managing functionality within each cloud are all done differently.

The proprietary nature of the first wave of cloud computing platforms is, for lack of a better way to put it, a necessary evil. And maybe even not all that evil in the first place, when it grants you access to platforms like Linux (Amazon.com) and languages like Python (Google), which on their own terms are as open as they get. Things could be made less proprietary outside clouds and among clouds, although odds are the standards that will exist between clouds will develop more as a consequence of what people are actually using (e.g., EC2) rather than something drafted in the abstract.

Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.