
Windows in the Sky

Salomé

meh
Joined
Sep 25, 2008
Messages
10,527
MBTI Type
INTP
Enneagram
5w4
Instinctual Variant
sx/sp
^ "virutalising[sic] the whole thing"

inevitable, I'd have said.
 

JAVO

.
Joined
Apr 24, 2007
Messages
9,053
MBTI Type
eNTP
Ignoring the huge risk factor of being connected to the Internet...

Centralization concentrates resources.
Concentrated resources increase target value.
Increased target value increases attack frequency and priority.
Increased attack frequency and priority increases probability of success.

All technology-based security has the same weak link: humans.
Human vulnerabilities are widely-documented and remain constant.
The risk from human vulnerabilities can be minimized by good design, but it cannot be eliminated.
There are many people and organizations who specialize in exploiting human vulnerabilities.
One of them will eventually hit the jackpot.
One hit will destroy all confidence.
 

Grayscale

Well-known member
Joined
Dec 20, 2007
Messages
1,965
MBTI Type
ISTP
Centralization concentrates resources.
Concentrated resources increase target value.
Increased target value increases attack frequency and priority.
Increased attack frequency and priority increases probability of success.

value is already centralized in the manner you're suggesting

anyways, if this were completely true, then we'd all be burying our money because it's more likely someone will try to rob a bank than dig up our own little pile. centralization is not the danger, the real question is whether the value on your plate is bigger than what your security can stomach. at a certain point, there is too much value to possibly secure, and that is why it would never be feasible to have true centralization, but im relatively certain that will never happen as long as we have a capitalist economy.
 

JAVO

.
Joined
Apr 24, 2007
Messages
9,053
MBTI Type
eNTP
value is already centralized in the manner you're suggesting
Where?

anyways, if this were completely true, then we'd all be burying our money because it's more likely someone will try to rob a bank than dig up our own little pile.
Yes, but if you buried half your money in your backyard and put the other half in the bank, you couldn't lose more than half of it in a single attack.

centralization is not the danger, the real question is whether the value on your plate is bigger than what your security can stomach.
Where does the target value come from if not from centralization?

at a certain point, there is too much value to possibly secure,
Exactly.

and that is why it would never be feasible to have true centralization, but im relatively certain that will never happen as long as we have a capitalist economy.
I agree. We'd never have a near-monopoly by any one software company here. ;)
 

ptgatsby

Well-known member
Joined
Apr 24, 2007
Messages
4,476
MBTI Type
ISTP

We operate on similar principles almost all the time - web apps to servers. Document management systems work in similar ways to this. There is a huge amount of value in pushing things from distributed to centralised, as far as information flow goes.

Yes, but if you buried half your money in your backyard and put the other half in the bank, you couldn't lose more than half of it in a single attack.

How does this translate to data? Redundancy? That's built into cloud computing, generally. And yet, the backyard concept applies - most people lose their own computers and files, making splitting it stronger in one way and weaker in another.

Keep in mind that when you talk about data as value, it only works two ways - to keep people out, and to make sure you have access to it. Invariably the two trade off, to some degree, but the push forward is to increase personal access because there isn't a lot of trade off for security. It is always in relative terms - we can lock down data so no one can get it, but people want laptops, we need backups... etc. Others have attack points then, or it just happens by accident.

The bigger concern is in not being able to gain access. That's the main concern right now, I think. But reliability and so forth have made significant gains. I know I trust my web server more than my local computer network (at home, that is.)

I agree. We'd never have a near-monopoly by any one software company here. ;)

Heh, that'd never happen!

However, chances are in this case you'd have the option of going more local. It depends on how far it goes. Once you start pushing computational power onto farms, then the desktop really will be a thin client, and the monopoly issue would be a big issue (cost by cycle, egad). That is, of course, assuming that the industry doesn't trend towards natural monopolies... too early to tell, but certainly not impossible.
 

Grayscale

Well-known member
Joined
Dec 20, 2007
Messages
1,965
MBTI Type
ISTP

most sensitive data is already stored centrally, not client-side. virtualization is actually more secure in the sense that sensitive data can be moved between the virtual client process and the store more efficiently and safely due to the fact that it is only a virtual move and not being transported over a long distance.

if you had sensitive company data that you needed to view or modify, you'd unavoidably have to transport that between the datacenter and the client UI, but for everything else, most data can remain centralized with only what's relevant being sent to the client.

for instance, let's say you need to email some blueprints for a new prototype to a co-worker. instead of pulling that down from the secure, controlled DC environment onto your desktop, you could write an email and click and drag the file to it, without the local client having to put its fingers into the sensitive data, and with only your I/O being sent over the encrypted connection.

Yes, but if you buried half your money in your backyard and put the other half in the bank, you couldn't lose more than half of it in a single attack.

PT is right about this, there is a balance between safety and usability. we could do away with computers completely and use paper, and it's easy to argue on behalf of safety because advancing technologies usually do pose risks initially... it's much harder to figure out what we stand to lose if we play it safe, though. either way, in the long run, i believe virtualization will actually prove both safer and more usable. the risks are more volatile, but far fewer and less likely... at some point the risk cost-benefit falls in favor of the "bank".


edit: if you're referring to Microsoft, they are way behind Google... even if they were able to out-run them on the software, they don't have the network resources to support it. anyways, there are a small handful of powerhouses here, and most of them are 5-9s capable or close to it.
 

Lateralus

New member
Joined
May 18, 2007
Messages
6,262
MBTI Type
ENTJ
Enneagram
3w4
most sensitive data is already stored centrally, not client-side.
Not all in one place. It's still relatively decentralized. If all "sensitive" data was stored in one place and a terrorist attack wiped it out... Storing all that data in one place is like putting a big bullseye on that building.
 

Grayscale

Well-known member
Joined
Dec 20, 2007
Messages
1,965
MBTI Type
ISTP
Not all in one place. It's still relatively decentralized. If all "sensitive" data was stored in one place and a terrorist attack wiped it out... Storing all that data in one place is like putting a big bullseye on that building.

pardon my vocab, by central i mean in the central locations of the network. im sure youre familiar with the "web" concept of a network, a private company network is no different... most often you will find the hub aggregation points with datacenters a stone-throw away from a few of them.

most enterprises already consider things like this... much less likely than a terrorist attack is a fire or flood in one of the datacenters.



some wiki for your reading pleasure-

High availability - Wikipedia, the free encyclopedia

also see "relationship with failover"-

Load balancing (computing) - Wikipedia, the free encyclopedia
 

ptgatsby

Well-known member
Joined
Apr 24, 2007
Messages
4,476
MBTI Type
ISTP
Not all in one place. It's still relatively decentralized. If all "sensitive" data was stored in one place and a terrorist attack wiped it out... Storing all that data in one place is like putting a big bullseye on that building.

It's important to differentiate between the software and hardware architecture. It's not unusual for data to be stored in multiple data centers in different physical locations, while maintaining a central "virtual" system.

In that sense, it is a whole lot safer from terrorist attack than having it in one's own building (ie: think of WTC data centers, in this case).

What it isn't safer from is physical access, which is a fairly major issue. Not because they can't be made safe (some are built as nuclear-war safe), but that "others" will always have physical access to the data. The only way to negate this is to not put any workload on the cloud computers, outside of access. In terms of pure storage, you can easily manage that through client-keys, as document management systems do (ie: the database holds all file data, but the files themselves require local RSA key schemes to unlock locally). But in that case, the file can't exist on the cloud computers... but... it gets complicated. Quite a few document management systems actually do that, to the point where IT cannot access the data, even with hardware access.

Again, the trade off happens: more redundancy = more hands have hardware access.

(edit: fix copy/paste error)
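
Added example, not part of the post above and not any product's code: a sketch of the client-key arrangement it describes, where the central store holds the file data but unlocking needs a key that stays local. It uses Node.js's built-in crypto module; the AES-256-GCM plus RSA-OAEP construction, the function names, the in-memory Map standing in for the database, and the sample document are all assumptions.

```javascript
const crypto = require("node:crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Client side: encrypt the file under a fresh AES-256-GCM key, then wrap that
// key with the user's RSA public key. Only the returned record is uploaded.
function sealForUpload(plaintext, publicKey) {
  const fileKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", fileKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, fileKey);
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKey };
}

// Client side: unwrap the file key with the local private key, then decrypt.
// Throws if the key is wrong or the stored record was modified.
function openLocally(record, privateKey) {
  const fileKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, record.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", fileKey, record.iv);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
}

// True only if the holder of privateKey can recover the plaintext from record.
function canOpen(record, privateKey) {
  try { openLocally(record, privateKey); return true; } catch { return false; }
}

function demo() {
  const user = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  // The operator has full access to the store and their own key pair, but not the user's private key.
  const operator = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const doc = Buffer.from("constructed sample: prototype blueprint rev A");
  const store = new Map(); // stands in for the central database
  store.set("blueprint", sealForUpload(doc, user.publicKey));

  const record = store.get("blueprint");
  const tampered = { ...record, ciphertext: Buffer.from(record.ciphertext) };
  tampered.ciphertext[0] ^= 1; // a single flipped bit in the stored copy

  return {
    roundTrip: openLocally(record, user.privateKey).equals(doc),
    plaintextInStore: record.ciphertext.includes(doc),
    operatorReads: canOpen(record, operator.privateKey),
    tamperDetected: !canOpen(tampered, user.privateKey),
  };
}
```

The record in the store is useless without the user's private key, which is also why losing or revoking that key is the hard case: every wrapped key made for it has to be re-wrapped by someone who can still unwrap it.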
 

Grayscale

Well-known member
Joined
Dec 20, 2007
Messages
1,965
MBTI Type
ISTP
Again, the trade off happens: more redundancy = more hands have hardware access.

there is a problem there, but i think it's when exceptions are made and "slices" of the secured virtual environment are allowed to exist outside of the datacenters intended for them. :doh:
 

kuranes

Active member
Joined
Apr 20, 2007
Messages
1,067
MBTI Type
XNXP
It's important to differentiate between the software and hardware architecture. It's not unusual for data to be stored in multiple data centers in different physical locations, while maintaining a central "virtual" system.
Indeed. One of the links I posted earlier focuses on this in an interesting new way.
 

ptgatsby

Well-known member
Joined
Apr 24, 2007
Messages
4,476
MBTI Type
ISTP
there is a problem there, but i think it's when exceptions are made and "slices" of the secured virtual environment are allowed to exist outside of the datacenters intended for them. :doh:

That is a major problem in document management. People don't want to use the system, take stuff out of it and carry it around with them. So much for security.

Still, I think there is a valid concern for outsiders being able to walk in, grab a server off the shelf and walk home with it, so to speak - naturally it can just be a copy, etc. Even though the physical drives can be well protected in terms of data, this is one major weakness. It means systems that are meant to handle this kind of stuff need to be seriously robust, which hands another set of "keys" to the operators. Although, certainly not impossible to overcome - local IT can set up their own systems out in the cloud as well, and then remote in securely. (Ironically, the more secure it is, the more dangerous having your own IT guy go off is! It's way easier to recover from the 'cloud operator' going crazy... it's just bits on a drive. But recovering from someone who actually has data access? Gah. Revoke/re-encrypt, etc is a serious threat.)

But... a lot of layers here in which things can go wrong.
 

Lateralus

New member
Joined
May 18, 2007
Messages
6,262
MBTI Type
ENTJ
Enneagram
3w4
It's important to differentiate between the software and hardware architecture. It's not unusual for data to be stored in multiple data centers in different physical locations, while maintaining a central "virtual" system.
What I saw in that video was an attempt to put everything under one roof.
 