CYBEREYE

Ceding data ownership for 'any-device' access is a risky trade

The American dream has always been about ownership: your own home, your own car, owning a piece of the pie. In the digital world, the dream is shifting from ownership to access: being able to access data and resources anywhere, anytime, with any device. In exchange for this unprecedented access, we often are giving up a large amount of our control, however, and with this come new security concerns.

The quintessential example of this shift is cloud computing, which promises to provide on-demand storage, access and provisioning of everything from applications to infrastructure. But social networking, mobile apps and consumer services such as Apple's iCloud are part of the trend. The data and services are always available, but there is always a remote connection to access them, and there always is the chance that the proprietor might not share your concerns.

Take Megaupload, for example. When the file-hosting service was effectively shut down in January for alleged copyright infringement, a whole lot of legitimate data also went into limbo and is in danger of disappearing.


Related coverage:

NIST releases 'Bible of cloud implementation' 

In the cloud, security is easy, perfection is impossible


This is not a brand-new trend. In many ways it is a throwback to the early days of computing when dumb terminals shared mainframe resources. There have been repeated efforts to revive the model in the name of economy and centralized control with thin clients. Ironically, the model finally has taken off not on thin clients with limited computing capacity but with increasingly powerful mobile devices that can host an array of applications for accessing and using remote resources. And the resources being accessed are no longer controlled centrally but are dispersed across dozens or hundreds of online providers.

The result is a volatile mix of remote access through powerful but often poorly secured endpoints to services that are optimized for exploiting data financially rather than protecting it. Initial concerns stemming from this situation have been for privacy, but Megaupload demonstrates that the availability of data to owners also is at risk.

Megaupload is an extreme case, and most online hosting and sharing services presumably are legitimate and responsible. But the questions remains how secure and stable they are, both technically and financially. If you post, store or share information online with the expectation that it always will be there for you, some due diligence is required on these issues.

These are not issues that have been ignored. The National Institute of Standards and Technology has published "Guidelines on Security and Privacy in Public Cloud Computing" (Special Publication 800-144), and many organizations are setting up internal private clouds that can provide the flexibility of on-demand computing while retaining control of the resources.

But there are a growing number of services aside from formal clouds for storing and sharing photos, videos and data. The growing adoption of online solutions means that a shrinking percentage of the resources we often depend on reside on our hard drives, behind our own firewalls and antivirus programs. Wikipedia is replacing the ink-and-paper encyclopedia on our bookshelves, and its availability depends on a variety of hosts and service providers we do not control.

This new model has taken off quickly because it is valuable, but as we grow more reliant on it we need to pay attention to the security and availability of services we are depending on.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Tue, Apr 3, 2012 wycliff bwango uganda

you have not given me the content of the ownership issues in cloud computing

Tue, Mar 20, 2012

Do you want ready access anywhere, anyhow, or do you want security? Unfortunately, those who are pushing this appear to either not care about security or your data, or they have a hidden agenda in regards to your data.

Mon, Mar 19, 2012 Paul

Another concern is continuity of operations, either work or personal. Beyond the issues of an external provider of space that does not have your best interests at heart, is the limited availability of connections. There are only a few true ISPs in the country making them a very weak link since they could easily be shut off. Cell connections aren't much better and are vulnerable to EMF and shielding. The lessons of the Cold war regarding dispersal of assets and redundancy is being lost in favor of consolidation. The cloud is a convenient tool for certain requirements but is not a replacement for on location storage. For those of us responsible for protecting the country, we have to be able to function under the worst possible conditions and that isn't possible if a just a single nuke, or even another Katrina, could potentially stop us cold.

Sat, Mar 17, 2012

Cloud computing opens up a host of problems. 1. Is the company that host the storage responsible for the content. 2. Can they look at what you are storing (or course they will!) 3. If illegal content is discovered what happens. 4. Will your info be sold to companies (of course it will!) 5. What happens when users can't access their info that they have paid to have "in the cloud". I doubt I will ever be in the cloud

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above