Interoperability standards will create a world of interconnected clouds fraught with opportunities and security risks, experts say.
Five years from now there will be a suite of international interoperability standards that will lead to a cloud of clouds, or “inter-cloud,” a future where there will be tight integration between multiple clouds. This tighter integration of clouds will have practical implications for government agencies, giving analysts the ability to sift through siloes of big data applications to make better informed decisions, according to John Messina, a senior member with the National Institute of Standards and Technology’s cloud computing program.
Big data sets that hold kernels of information that can be useful for decision-making are in semi-structured and unstructured formats in siloed data sources. “Think of the data resources you will have access to that will allow you to find kernels or nuggets that will help you make better business decisions” in a scenario where different types of cloud infrastructures are interconnected, Messina said during a panel discussion May 30 at the Federal Cloud Computing Summit held in Washington, D.C.
Interoperability is much broader than an organization or consumers talking with cloud providers, but also involves cloud providers communicating with one another and those providers interconnecting with other resources such as social media and sensor networks, Messina said. To date, standards groups worldwide have been focused on developing a vocabulary to establish a common language to describe cloud computing and a reference architecture, which is a high-level conceptual model that allows organizations and industry to fully understand complex systems and the relationships between them.
International standards for reference architectures will be completed next year and the focus is shifting to standards for interoperability and portability, which is the ability to transfer cloud applications from different cloud providers’ databases or infrastructures. Portability is an equally important issue for government agencies that do not want to be locked into any one cloud provider’s infrastructure.
NIST along with other international groups such as The Institute of Electrical and Electronics Engineers, the International Electrotechnical Commission, the International Standards Organization and the TM Forum are pushing for interoperability and portability standards. “I think there is a safe prediction that we will have much more interoperability in the future right around the three- to five-year point. Probably closer to five, we will have that cloud of cloud people are talking about,” Messina said.
Randy Garrett, program manager with the Defense Advanced Research Projects Agency’s Information Innovation Office, who also was on the panel, said, “We will see a growth in the Internet of Things,” referring to devices ranging from smart phones to automated sensors and non-computing devices connected to the Internet.
An interconnected world has potential benefits, but it also creates new risks. For example, 10 years ago there was no danger that somebody could remotely take over your car with a cyberattack. But a car today with onboard computers, a GPS receiver and wireless connections is vulnerable. Someone can take over a car. They cannot steer it, Garrett noted, but can do other things. “So when you take that possibility and spread it out, it makes you wonder what type of future world we will have if somebody can come in remotely and change your heating or air conditioning.”
Other than for pranks are there more malicious reasons for people wanting to remotely take over these types of devices? Probably. “We are entering a world with better future possibilities and potential but also dangers we don’t think about now until some type of catastrophe occurs,” he said.
Still, a lot of future benefits will arise as a result of connected devices and access to more information such as the better tracking of the rise and spread of epidemics, a larger sampling of medicines or the ability to detect manufacturing defects, Garrett said.
“We live in a broken world and have always lived in a broken world. There has been no time in history when mankind thought things were really safe,” said Mark McGovern, CEO of Mobile System 7 and former vice president of technology with In-Q-Tel, which invests in information technology for U.S. intelligence agencies.
McGovern noted how security experts have been saying for years that organizations should manage risk and not try to build steel-wall type security. The focus should be on who is accessing the data, who is using it and are they the right people in the right situation. “We still have IP addresses from known bad places come in, use legitimate credentials and access data they shouldn’t.”
Enterprises should think about managing data like credit card companies manage money, he said. Credit card companies manage risk based on everything you have done, everything they know about you and everything they know that other people are doing. Enterprises have limited themselves to asking for a credential and then they give back anything associated with that credential. In the short term, though, there will be more improvements in security by using the intelligence and awareness that the computer systems already have and making that practical, McGovern said.
Tying that back in with the cloud of cloud, Messina noted that some position papers say that, over the next three years, 70 percent of all cloud services are going to be consumed by other cloud services. That will make an incredible trail for someone trying to identify who initiated some type of request, Messina said. With data centers around the world communicating with other data centers via cloud infrastructures, security will become more complex.
With interoperability and portability standards coming into place, “We will get to the point where we have a massively interconnected world even beyond what we have now.” Organizations will have to address Issues of security and risk in this interconnected world in the next three to five years, Messina said.