Sunday, October 23, 2011

Cloud Computing and Being a Spy

Now one may wonder what cloud computing and the business of spying have to do with one another. The answer is "words to live by".

What motivated this was an article by Friedman in the NY Times. He states:

The latest phase in the I.T. revolution is being driven by the convergence of social media — Facebook, Twitter, LinkedIn, Groupon, Zynga — with the proliferation of cheap wireless connectivity and Web-enabled smartphones and “the cloud” — those enormous server farms that hold and constantly update thousands of software applications, which are then downloaded (as if from a cloud) by users on their smartphones, making them into incredibly powerful devices that can perform myriad tasks.

The emergence of the cloud, explained Alan Cohen, a vice president of Nicira, a new networking company, “means than anyone can have the computing resources of Google and rent it by the hour.” This is speeding up everything — innovation, product cycles and competition. 

 Now I am reminded the Gilder a decade or so ago who espoused all the wonders of wireless, I wrote a piece about the "Gilder Conjecture" and its less than on target analysis. But this one is dangerous.

Exuberance is always fun, exciting and has the potential for danger, just look at the collapse of our recent financial engine.

Now to spy craft. There are three rules a good spy should live by:

1. Trust no one, not even your father.

2. Never put it in writing, namely do not leave a trail or evidence.

3. Always have a second exit.

Cloud computing violates each of these rules. Is that bad? Well if there is an enemy who wants to do you harm, say like what a spy does. Is this the case in cloud computing world? Think China, think of all those computer science students we educate in the US with DoD money and then ship back to China because unions do not want those types here. If they can be unionized it is fine but if they think, get rid of them.

So what is wrong with Friedman, well simply he, like Gilder, seems to have little to  no technical understanding of what he speaks, in my opinion, namely in the technical areas most critical to security, and second, he takes what he is told almost at face value.

One must remember there is a dark side. In the 1970s with Soviet threats we worried about secure kernelized operating systems in red and black environments. Secure to the nth degree, limited access, tickets, and the list went on. Since 9/11 we are sharing everything with everybody, thus Wikileaks.

The risk of the cloud is that it is easy to compromise and worse. Remember the three rules of spying and beware the cloud.