Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions

Friends Don't Let Friends Misunderstand Clouds

创建时间: 10 9 月 2012 • Updated: 18 12 月 2012 • 4 条评论
Jeannie Warner 的图片
+5 5 Votes
Login to vote

This is the first in a series of ponderings I've been having about Cloud computing, how little it's understood by end consumers, and what we in the IT space need to do to better educate the people on the street. The general internet has been greedy in terms of self-interest, selling people short in its expectations of their ability to learn about concepts and ideas. However, I am idealistic enough to really believe that once people understand what is in their best interest in terms of internet security, they will tend to act in ways that support that self-interest, to the extent that they are able. And so if we wish people to act in enlightened self-interest, we need to educate the society around us.

This pondering started when I read this viral article from the Business Insider, spread by Facebook: http://www.businessinsider.com/people-think-stormy-weather-affects-cloud-computing-2012-8

My first reaction to some of the statistics and findings as an IT person was to scoff. "Really? That's nonsense", I thought. Then I read it again, and realized, "Oh my gosh. They're talking about my mom." (Sorry, mom.) And suddenly instead of wanting to scold her again as I do annually for never changing her passwords, I instead realized my entire tone was wrong. How can you scold a third grader for not properly solving a quadratic equation put in front of them with breakfast? I think it’s our fault, we children of the computer who have made the internet our livelihood. We left our parents, our siblings, our neighbors, and so many others behind as we forged ahead, and we did it because we had a major fail in communication.

Breaking down failure is hard, but one must try if one is trying to fix what one has broken. So the first issue I think we need to address is language. We've moved into such technical gobbledygook that one techie group within an organization sometimes cannot understand what the other group is saying. I'm going to put a cry out here for our different groups to talk to one another more often, and figure out common languages. "Cloud" is a word that isn't going away. But has anyone defined it? I’d like to offer props to Wikipedia for good words and pictures, absolutely. However my mom doesn't randomly look things up in Wikipedia. She watches the news in the evenings as her only TV. What are we doing to educate the network news watchers?

I went out to a couple other sites on search engines looking for “cloud computing”, and many articles seem to start out with lines like, "You're an executive/IT Manager at a large corporation." What if they're not? Mom would surf right away from that site. She's just trying to figure out what her daughter does for a living so she can brag about it. What I learned to do is give her sound bites over the years, in words she can understand. "I monitor what happens on the internet, mom. I try to catch people trying to break into other people's computers."

If I had to do it for my mom so she could brag about her kid during holidays, maybe we need to do it as an industry. We all have relatives - we are people, not a corporation. We are individuals working together in support of common goals. Can we make one of our common goals to be the education of our friends and family? Will all of you go home tonight and start explaining in small words what a cloud is? If you have kids, can you draw it on a chalkboard and go to their school for show and tell?

And what will we do as a Computer Security Collective to educate the dads and moms in the world who aren't lucky enough to have their kids work here? I think it's something to think about. Do something today to help that statistic improve. Stormy weather should only affect your Cloud if you have a satellite internet connection, and a strong wind moves the dish. Help people understand that they are part of the cloud with every text they send.

评论 条评论跳转至最新评论

dsmith1954 的图片

The main reason I will never recommend the "cloud" is because I do understand what it is. It's putting your data out on the Internet under the control of someone else. It means trusting someone else to safeguard your company, or personal, data. How many times a year do we hear of someone hacking into a company's network and stealing data? Or, the many times a year a company lets an outside consultant have access to your data on their laptop, and the laptop gets stolen.

Anyone ever hear of identity theft? The more personal data that gets put "in the cloud", the greater your chances of being a victim of identity theft. No one wants that.

I trust the company I work for, but the minute they put my information out on the "cloud" for someone else to safeguard, I'm looking for another job.

There have been too many instances, especially back when the "cloud" was called SaaS, where a company would go belly-up and sell your data to the highest bidder.

Privacy statements and contracts are usually out the window when it comes to bankruptcy or a sale. Yes, you can go to court to get your data back, but by then it's too late.

Hackers are usually one step ahead of security, and by the time you discover that you've been hacked, it's too late. They are long gone with your data. We're getting better with security, but security will almost always be reactionary because no matter what you put in place to protect your data, if it is valuable enough, someone will always find a way to get at it.

If a "cloud" service wants too much of my personal information, I don't sign up. Period.

So, to sum it all up - no cloud for me, and if I can help it, no cloud for any company for which I work. If they don't keep it in-house, bye-bye. Call me paranoid if you want, but I work in IT and know what can be done.

Login to vote
Zain 的图片

I guess everyone has mixed feelings when it come to using cloud storage, there are advantages and disadvantages but ultimately it comes down to whether or not it is something you need. Security and privacy concerns will never go away, hackers will always find someway of getting their hands on your data.

Great blog article i look forward to more.

Login to vote
Jeannie Warner 的图片

It's interesting to me that (and I'm going to assume something here dsmith, so if I'm wrong please correct me gently) people equate clouds just with their data and storage. And yet most tech folks have little smart phones, and don't think twice about checking their bank balance, scanning a sigil at a restaurant for coupons, or in other ways checking their facebook, sending a tweet online.

Even pumping gas, technically, sends your information over a network. APIs and SKIs are all encrypted and go through the 'cloud' the same way some folks imagine big data, or hosted websites, or the old CoLos.

The cloud is more than storage. The cloud is information that moves down through every device you own to other places. And you can THINK it's just a single connection, but it's not always secure even in how you access the information. Improper implementation of TLS/SSL in APPs has been pointed to a number of times, as well as other information transfer methods.

Android and Oracle were neck and neck just a couple years ago for Pwnies, as we recall, along with Adobe. (Sorry Adobe! You know I love you, truly.) These all make tools we use to move information every day. It's the greater Cloud.

And sometimes information hops multiple times. You reach out to your bank, who may or may not use a hidden intermediary to process, who also checks in the end with Visa/Amex/MC to confirm things. I paint with broad strokes here, but all these things in the end are part of the Cloud. All of these locations store your data, one piece at a time.

I tell my family that Facebook is forever, even though they keep losing my posts. And whenever they ask, I say the Internet in general is forever, for purposes of not being foolish about what they post.

I submit to you all that the lines between Cloud and Mobile and Identity Management are all becoming a, pardon the expression, foggy blur. I am one of those who increasingly agrees there is no privacy. There's only smart or foolish, and for us in tech there's only careful implementation or mistakes. We can't control Hackers. We can only make their jobs harder, and make ourselves uninteresting targets.

Login to vote
dsmith1954 的图片

Call me paranoid if you want, but security is a top concern of mine for both business and home. So, with that in mind...

There is a huge difference, that some people aren't aware of, between need and want. Most "cloud" stuff is a "want" in my book. The cloud is not needed.

My phone is "dumb". It doesn't have a GPS, other than the one built in for 911 calls. I dont' have a data plan on my phone, so I'm not surfing the web on a silly little phone. I don't own, nor will I ever own, a so-called "smartphone" or "idiotPhone" as I like to call them. I don't own an "idiotPad" either. If it gets to the point where there are no more "dumb" phones being produced, and mine finally dies, then I'll cancel my cell phone service. A cell phone is a want, and a big invasion of privacy. It isn't a need.

I don't own, nor will I ever own, a car that has a GPS or any type of "OnStar" technology. I learned a long time ago how to read a map, and road signs. They're more accurate than most GPSs anyway. A GPS is a want, not a need.

I will never control my house temperature from the Internet, or open the doors to my house. However, I do have security cameras that I can monitor from the Internet. These are wants and not needs.

I also do my best to keep my personal information as far away from the "cloud" as possible. Any site that has a requirement for personal information will generally lose me as a customer, unless I really and truly NEED, not want, that particular service.

I pay with cash wherever possible, especially at restuarants. I don't have a credit card. My debit card never leaves my hands, except when I'm asleep. I got burned once. It won't happen again. Credit cards are wants, not needs. You have to want to be in debt up to your ears. It isn't a requirement to truly live.

Facebook only has the bare minimally required information - Name, Date of Birth, and email address. Unless Facebook releases the information, only my "friends" have access to see what I post. Oh, and I don't go collecting "friends" just say I have a million "friends".

I am not a fan of Twitter, so I'm not a Twit. :-)

Personal, or Company, information does not need to be public, or compromised by the Cloud. It is a choice people make. To me, putting all your information out in the cloud is like leaving your keys in the ignition, and possibly the car running, while you run into the store to buy something. It's just not a smart thing to do. Someone is going to steal your car (information) and leave you stranded.

For me, there is no "foggy blur". There's a clear line that I try not to cross. As Franklin once said, those that give up their privacy for security shall have neither. Paraphrasing of course.

Login to vote