Ceding data ownership for 'any-device' access is a risky trade
The American dream has always been about ownership: your own home, your own car, owning a piece of the pie. In the digital world, the dream is shifting from ownership to access: being able to access data and resources anywhere, anytime, with any device. In exchange for this unprecedented access, we often are giving up a large amount of our control, however, and with this come new security concerns.
The quintessential example of this shift is cloud computing, which promises to provide on-demand storage, access and provisioning of everything from applications to infrastructure. But social networking, mobile apps and consumer services such as Apple's iCloud are part of the trend. The data and services are always available, but there is always a remote connection to access them, and there always is the chance that the proprietor might not share your concerns.
Take Megaupload, for example. When the file-hosting service was effectively shut down in January for alleged copyright infringement, a whole lot of legitimate data also went into limbo and is in danger of disappearing.
NIST releases 'Bible of cloud implementation'
In the cloud, security is easy, perfection is impossible
This is not a brand-new trend. In many ways it is a throwback to the early days of computing when dumb terminals shared mainframe resources. There have been repeated efforts to revive the model in the name of economy and centralized control with thin clients. Ironically, the model finally has taken off not on thin clients with limited computing capacity but with increasingly powerful mobile devices that can host an array of applications for accessing and using remote resources. And the resources being accessed are no longer controlled centrally but are dispersed across dozens or hundreds of online providers.
The result is a volatile mix of remote access through powerful but often poorly secured endpoints to services that are optimized for exploiting data financially rather than protecting it. Initial concerns stemming from this situation have been for privacy, but Megaupload demonstrates that the availability of data to owners also is at risk.
Megaupload is an extreme case, and most online hosting and sharing services presumably are legitimate and responsible. But the questions remains how secure and stable they are, both technically and financially. If you post, store or share information online with the expectation that it always will be there for you, some due diligence is required on these issues.
These are not issues that have been ignored. The National Institute of Standards and Technology has published "Guidelines on Security and Privacy in Public Cloud Computing" (Special Publication 800-144), and many organizations are setting up internal private clouds that can provide the flexibility of on-demand computing while retaining control of the resources.
But there are a growing number of services aside from formal clouds for storing and sharing photos, videos and data. The growing adoption of online solutions means that a shrinking percentage of the resources we often depend on reside on our hard drives, behind our own firewalls and antivirus programs. Wikipedia is replacing the ink-and-paper encyclopedia on our bookshelves, and its availability depends on a variety of hosts and service providers we do not control.
This new model has taken off quickly because it is valuable, but as we grow more reliant on it we need to pay attention to the security and availability of services we are depending on.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.