Mike Daconta

COMMENTARY

Hackers own today's free-love PC architecture, and it's time to move on

In his book, “Does IT Matter?” Nicholas Carr assumed that the PC-centric, client-server architecture was the zenith of Moore’s Law (which says the number of transistors on a chip will double every two years) and therefore an ever-cheaper commodity with no strategic value. 

The emerging post-PC architecture not only proves his assumptions wrong but makes them look absurd given the magnitude of the contrast. But much more important than poking Carr in the eye (however enjoyable that may be) is the urgent realization that we need to take a bold leap away from that legacy, PC-centric architecture.

For one thing, the hackers own it outright and prove that to us on a daily basis. Recently we learned of a data breach at payment processing firm Global Payments Security that exposed financial information of 1.5 million credit cardholders. Such news is a recurring nightmare given our reactive, patch-and-pray security model.   




The writing is clearly on the wall: Hackers own the current, hippie-designed, Pollyanna-inspired, free-love openness that is today’s PC architecture. Given that, any normal inertia against change should be overcome by the chance to bake in security at the beginning of a new architecture instead of adding it as an afterthought.

Beyond the security benefits, the capabilities of the post-PC architecture will make advances such as Siri, Watson and Facebook look quaint by comparison.

The central components of this architecture are mobile devices, the cloud (or clouds), sensors and social networks. Of these components, mobile devices are the primary driver that is now drastically reshaping both the client and server sides of the architectural equation. 

These changes will incorporate the drive toward “natural interfaces” such as gesture and voice. Not to be dismissed is the plethora of sensors (some of them inside those mobile devices) that can monitor, measure and signal every corner of the globe. From a sheer numbers perspective, the post-PC architecture is the realization of ubiquitous computing. 

Accommodating these changes and enabling easy sharing between any type of client device requires a ubiquitous server solution that is ever-present, contextually aware and fast (regardless of load). Enter the cloud. Above and beyond the proliferation of hardware is a higher bar for software platforms that are smart and social by design, exhibit situational awareness, and leverage vast amounts of data. 

To satisfy these requirements, the key characteristics of a post-PC architecture are scalability, semantics and security. Scalability is required for the cloud to serve the massive number of devices and sensors in near-real time. The cloud will allow device convergence and interoperability across every organization in ways that were never imaginable. And semantics will be the glue between each component in order to enable the devices to understand the whole and the part they play in it and to act appropriately in any situation. 

That is what is meant by “situational awareness,” and to do this requires an understanding of localized context. For example, if I say to Siri, “Call my wife”, it understands that I am married, which contact in my address book represents my spouse, and which phone number I most often call her on.

I recommend everyone read the Siri patent to see how Semantic Web techniques are another key driver of the post-PC architecture. And with cloud scalability enabling greater semantics, both will create major breakthroughs in security. 

Sensor, device and cloud components form a new type of multi-machine operating system that is now being designed. This multi-machine OS will be free to look beyond processor, memory and storage limitations toward robust, built-in solutions for identity (including biometrics), provenance, continuous monitoring and cradle-to-grave mandatory security.

So while there are many changes ahead in this post-PC era, the opportunity to forge a secure, scalable and semantic architecture will be well worth the price.

Michael C. Daconta (mdaconta@incadencecorp.com) is vice president of advanced technology at InCadence Strategic Solutions and the former metadata program manager for the Department of Homeland Security.  He is currently working on the second edition of his book, “Information as Product: How to Deliver the Right Information to the Right Person at the Right Time”.






About the Author

Michael C. Daconta (mdaconta@incadencecorp.com) is the Vice President of Advanced Technology at InCadence Strategic Solutions and the former Metadata Program Manager for the Homeland Security Department. His new book is entitled, The Great Cloud Migration: Your Roadmap to Cloud Computing, Big Data and Linked Data.

Reader Comments

Sat, Apr 21, 2012 Michael Daconta

Big Ben's comments were excellent and insightful... Some new threads in the comment stream: 1. attacking or skepticism over AI and my situational awareness example. 2. Much more on the privacy versus security tradeoff and a nice Ben Franklin quote. 3. Some more good analysis on real "security" ... I like Bry from Florida's comment on "lazy solutions." One important point before I comment on any of these - the title of my column is often changed, I think to make it a bit more controversial than I intend. Did not mean to start a flame war about hippies ... instead my goal was to point out a potential silver-lining in a move to a Post-PC architecture. I think the comments on AI and semantics are similar to the skepticism AI has been subject to for many years, primarily because it promised too much too soon. But, the reality is that many of these techniques are now coming into fruition and being used to increase the usefulness of computers, robots, automobiles and other automation. I think the best comments here are the ones that are trying to begin to ferret out the root causes of our current weak security architecture and methods to devise new strategies. I would be very interested in knowing if anyone who reads the article really believes the best approach is to continue with the status quo? - even in this new era of cyberwarfare? While I understand the ruffling of feathers over some of my characterization of the problem, if we step back and look at the problem and combine that with the understanding of the huge amount of experimentation going on in cloud computing, I think leveraging one to solve the other is a good strategy. Best wishes, - Mike

Fri, Apr 20, 2012

Hippy bashing? Are you effing kidding me? Hippy bashing is so 1970's. A more modern strategy would be saying that anyone that doesn't want corporations and the government to have the power to spy on you, the ability to add programs without your approval or knowledge and the ability to remove or restrict your activities is a damn jihadi. If you're against the oligarchs controlling your data and what you do with it you're with bin Laden! That's how ya do it! Now I know that you're out of homeland security but could you take some time off of trying to destroy freedom?

Fri, Apr 20, 2012 Michael Daconta

Many good comments... let me try to address a few. There seem to be several lines of thinking threading through the comments relating to privacy, the nature of the current "PC-architecture" and PC vs Cloud. Regarding the notion that today's personal computer architecture is responsible for the data breach is the fact that we are all operating on the Von Neumann architecture for both clients and servers and thereby have not "baked security in" as there are little to no trusted components in wide use in today's systems. This leads us to the debate over privacy versus control, especially privacy versus government control. That is a very, very tough issue and I wonder what it will take for the public to reach a tipping point in terms of demanding more secure computing. In some ways this is a similar argument to giving up some of our freedoms for greater protections against terrorism which is also still a hotly debated topic. At this point, in my assessment, the hackers are winning. As for the PC versus Cloud line of thinking ... I don't think these are in competition. There will certainly be client systems in a cloud architecture; however, it will certainly be a less, distributed architecture. Again, overall I think these are really good questions and a debate and discussion worth having! Thanks for all the comments so far...

Thu, Apr 19, 2012 Joe Wulf Baltimore

I find it interesting that "...the drive toward “natural interfaces” such as gesture and voice" is being touted as the next up and coming thing... regardless of how much more physical effort, that ISN'T natural, each person will have to expend, when simple typing and mouse movement are far more efficient, stable, accurate and functional. Beyond the 'fad' of such a natural interface, let's seriously look at the drag on a person's body that will entail, as well as the monumental cacophony engendered by everyone, in all their cubes blathering on, ever-louder, so as to get THEIR device to hear them and not their neighbors. You think the noise from all your cube-mates is loud now?? HA! In another direction, Margaret Bartley's comments are right on target! Bravo!

Thu, Apr 19, 2012 MargaretBartley

I don't understand why personal computers are responsible for the data breach at Global Payments Security. I'm pretty sure they didn't keep that data on a PC somewhere. Posting my data from a PC instead of a mobile phone will not make Global Payments any more careful about who they outsource their programming and systems administration to, which is the real problem. Companies don't take responsibility for their IT systems - they outsource it to someone who outsources it to someone else, who hires part-time, temp newbies to code it. It's a systemic problem of having bureaucrats and financiers in charge of technical systems, instead of techies. Just changing the users' machines is irrelevant. You'll have to look elsewhere to rationalize a Total Information Awareness, Ubiquitous Login system where everything we do is constantly monitored and authorized by Persons Unknown.
