Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

7/25/2011
08:03 AM
Jim Reavis
Jim Reavis
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Future Clouds: Centralized Or Decentralized?

The trend might be moving toward putting more eggs in fewer, more secure baskets

Risk concentration is one of the issues to consider as cloud computing evolves. The economies of scale that have brought cloud computing to where it is so far seem to point to further consolidation and the growth in size of a smaller number of mega data centers.

When Vivek Kundra, the outgoing federal CIO, spoke at the Federal Cloud Strategy at our CSA Summit earlier this year, my favorite slide in his deck compared the federal government to IBM in data-center consolidation. Whereas both had several hundred data centers in 1997, the federal government now has more than 2,000, while IBM has 12!

It seems as though the trend is toward putting more eggs in fewer baskets -- albeit more efficient and I believe more secure baskets. But is that truly the case? I can see Moore’s Law and management efficiencies continuing to support this trend, but I think the wild card is the cost of energy. It could very well be that this is the variable cost that upsets the apple cart, and the cost of cloud services might track the cost of energy over time.

In the U.S., many data centers have been built in eastern Washington and Oregon to take advantage of cheap hydroelectric power. It is easy to imagine a variety of events that could radically change the energy cost basis of a data center.

Greater decentralized clouds could mitigate this issue, and it is not hard to imagine more sophisticated versions of the cloud-brokering solutions of today helping customers move workloads around to lower energy cost data centers. If you take this idea to its extreme, the compute power of a few million smartphones could be pretty tremendous, and the energy costs are zero. Is it possible that the future of cloud will be a significant amount of mobile clouds?

Management costs could be higher for something like this, but there have been very good examples of well-managed distributed compute networks for years; my favorite is the botnet.

I don’t know whether this is the future, but I think we need to plan for this being a possible outcome. Clouds might include a lot of untrusted, low assurance infrastructure, and thinking of our security layers in completely virtual terms is very healthy. Building security into the applications, abstracting between the different technological layers, protecting the data wherever it might go, and instrumenting every entity (virtual machines, hypervisors, data stores, users, etc.) with identity management and nonrepudiated logging technologies is essential.

None of us really knows what the cloud might look like tomorrow, so think about implementing security in a way that allows us to take advantage of its future -- or some alternate futures.

Jim Reavis is the executive director of the Cloud Security Alliance, and president of Reavis Consulting Group.

Jim Reavis is the President of Reavis Consulting Group LLC, where he advises organizations on how to take advantage of the latest security trends. Jim has served as an international board member of the Information Systems Security Association and was co-founder of the ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Adaptive Shield Emerges From Stealth
Jai Vijayan, Contributing Writer,  8/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: It's a technique known as breaking out of the sandbox kids.
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20383
PUBLISHED: 2020-08-13
ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links.
CVE-2020-24348
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
CVE-2020-24349
PUBLISHED: 2020-08-13
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
CVE-2020-7360
PUBLISHED: 2020-08-13
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was r...
CVE-2020-24342
PUBLISHED: 2020-08-13
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.