Friday, June 24, 2011

My own Grandpa Simpon moment: The Cloud

As the sun begins to wiggle its way over the horizon and the sleepy town of Atlanta begins to wake I find myself watching a movie called The Eagle. Since the movie is only semi interesting I drift to catching up on news of the last day and come across this story:

Beware: What follows are random Dave musings and I haven’t had my Adderall today.

Am I wrong thinking this is a cloud failure? I have to admit I am not much of a cloud expert but shared hardware for virtual instances always seemed like a bad idea because you do not know who your neighbors are. Your innocent widget business could be next to child porn, websites selling drugs or even a Democrat politician’s website. If anybody watches cop shows like Cops or SWAT then you know one day the residences will put enough pressure on their elected leaders to crackdown on the crime in there area and that will kick off a neighborhood sweep. The same holds true for the virtual residents of the Internet. I am sure you don’t want your business in the same virtual neighborhood as child porn, drugs, or Democrats.

I think the same is true for some services in this case. How can you rely on something that could be seized at any moment for participating in criminal actions even though it may have been a single user and not the service its self? Or worse a service gets taken now not because of what it is doing virtually but where it is in the real world. Imagine a FBI agent with a warrant showing up to take two or three servers and is met with racks upon racks of servers. He might decide to be through and take everything in the same rack as the offending server without realizing it could contains thousands of other company’s and unrelated data. I say without realizing but what I really mean is without caring, when data collection and analysis is your business though it does not pay to err on the side of caution.

Unless I am mistaken the FBI is still in the grab everything with a power cord mode instead of respecting virtual boundaries. The thoughts that keep me up are things like what will happen when the US bans Bitcoins and Rob’s development machines are seized for mining. Then because Rob’s machines were backed up using Dropbox is seized as well. When that happens the Dropbox machines are in close proximity to Thinkgeek machines are they are taken as well. Now I am out of our development effort, having to deal with lawyers, and cannot order any ironic t-shirts to show my displeasure. T-shirts with slogans like the following:

“The government banned Bitcoin, seized a lot cloud service’s computers and all I got is the shaft because I can no longer afford t-shirts ” –proposed Thinkgeek t-shirt for 2012

Keep in mind I don’t even know if the above scenario is possible I am just using it as a hypothetical scenario.

If this happened to Instapaper how long till it happens to Pastebin or Dropbox or even a large scale Amazon EC2 implementation like Netflix.

I am starting to feel like an old main yelling about loud music when it comes to the cloud. Every time I see something new like the Apple iCloud I cringe. I don’t want to but I know I will end up using it.

It will get hacked. Information will be leaked. People will forget. It will get hacked. Information will be leaked. People will forget. It will get h…and will repeat until a new technology replaces cloud. And then it will start all over again…

Take my musings witha grain of salt as I am no cloud expert. I am just a person that has become addicted to these services like everyone else and am now worried about security after adoption. It’s horrible that “security people” have the same “security problems” as everyone else. I also hate how many times I used the word cloud in this post. And I really hate loud music and those darn kids on my lawn.


dre said...

There are ways to do secure multi-tenancy so that vStorage and vDRAM are not readable/writable except inside the running guest OS (including at boot time).

There are ways to perform high-availability on nearly every service one can put into a public cloud.

dre said...

There are ways to force secure multi-tenancy so that only the running guest OS has access to the underlying [virtual] storage and vDRAM (including at boot time).

There is more than one good way to perform high-availability with services that can go into the public cloud.

Gary Myers said...

I think some Cloud residents don't actually get that somewhere, there is hardware. So BadGuy grabs some Cloud Storage, writes some stuff, deletes it, releases the storage. Those bytes can still be on the physical disk, and THAT is what the FBI have a reasonable excuse to take away for forensic examination.

David Maynor said...

@Gary Myers
Thats a good point I never thought about that before.