Because my personal desktop at home, or my workstation at work, connects to the Internet, my data is in "the cloud?" That doesn't make any sense. So because I have systems here at work where I store workpapers and documents and other materials related to my clients, that information is actually residing in the cloud? I'm not sure I agree.
The communication methods (VPN, SSL, frame relay, etc...) in use can certainly provide for a level of trust and security, but the fact of the matter is that when your data resides elsewhere (someone else's data center) then you are leaving it up to your service level agreement with that vendor to protect the data. At that point, you can only do what's reasonable up until the point it reaches their systems, then it's out of your hands. The type of scenario that you're describing is already happening and there are already issues with outsourcing data and other IT functions in that manner. Let's say that I have an agreement to store electronic backups with NTG (Venue, whatever) here in Baton Rouge. I ensure that the method of communication is secure and uses encryption, and that the servers performing the backups mutually authenticate each other. Great! What happens when someone walks into NTG and walks out with my blade or my tapes? There wasn't much I could do to secure that data other than agree to the service level agreement. So now we want to take that concept and apply it to every facet of daily computing? Even if the application is stored in the cloud and the data resides locally on a hard drive or network storage device, what happens when the central application is modified or exploited in some way? Will we know? Can we know? How many people will it affect? Everyone? Bundle in all of the regulatory and governmental issues concerned with storage and transmission of personal data and other pieces of information, and you're looking at years before something like this could be practical for businesses or individuals dealing with sensitive information. Only when the operating system (Chrome OS for instance) resides WITHIN the trusted computing environment does this make sense, and at that point we're looking at something similar to Citrix, mainframes and dummy terminals, etc... which isn't exactly a new breakthrough in computing. I guess that Citrix has been doing it reliably for years, but remember that the Citrix servers don't reside on Citrix's network - they reside on your own, and you are responsible for securing them. On the other hand, a lot of idiots can't even apply a simple patch or update once a week/month to eliminate a vulnerability. With millions of people out there running their own independent versions of an unpatched operating system, it gives attackers many more targets to hit. If updates and security fixes were applied to centralized applications, that would simplify the problem. Sorry for the rambling. I'm not saying it isn't a great idea and that reducing costs isn't a good thing, I'm just saying that simply allowing my data to reside elsewhere because it's "cheap" and "logical" and "the next step" doesn't necessarily make it safe. Maybe I am being too paranoid, but that seems unlikely given the stories I read every day in the newspaper about identity theft and electronic data breaches. The solution doesn't seem to be putting all of our eggs into one basket, but many eggs in many different baskets. :) From: [email protected] [mailto:[email protected]] On Behalf Of Tim Fournet Sent: Monday, July 13, 2009 12:06 PM To: [email protected] Subject: Re: [brlug-general] Not everybody thingks that Chrome OS is goingto be all that great.. If your computer is already on the internet, then your data is already in the "cloud". Your trusting it to be secure just because it physically lives at the same place you do? Many of us use VPNs or SSL to get to data stored at remote facilities every day. Renting space or computing resources somewhere else is just a logical advancement of that idea. The benefit is your are able to take advantage of someone else's economies of scale to bring down the costs of running your own business. Consider this scenario: 10 companies. Each of these companies has two sites. They have decided to install a Small Business Server at each site because their local IT consultant told them so. Each server ran them somewhere in the neighborhood of $5,000 including software, licenses, and hardware. Since each site is running their own Exchange (SBS) Server, they must keep power and cooling active 24/7. They also need to dedicate a secure location in their buildings with adequate power and cooling to run a server. Total investment between all of these companies is at least $100,000 plus recurring costs of electricity and cooling for 20 facilities. Do these sites need guaranteed uptime? Battery Backups, Generators, etc? Those cost a lot. What is the average utilization of each server? They're basically all doing the same thing. They require a lot of computing resources because they are running Windows, Exchange, and all the other "features" of SBS. If you were running all of this out of one facility, how much equipment would it really take to run it? Maybe $20,000 worth? How many sets of air conditioners need to run? One (two for redundancy)? What about expertise? Each company would need to hire an IT consultant to manage all of these servers. If they were consolidated, then it would only take one team to manage this. That is the real benefit of "cloud" computing. Once you understand the technology and build a layer of trust between yourself and your provider, then it makes sense. You are allowing an organization that has its own resources and expertise to handle the job of data storage and access, and you focus on your real work. If you understand the nature of data then you know that you can make your own backups if you don't trust your provider not to lose your data. Your backups won't be as "available" but you'll have the data available if it ever came to that. On Mon, Jul 13, 2009 at 8:41 AM, Jarred White <[email protected]> wrote: **Additionally, I abhor the idea of me not owning the location where my data is stored. How is that good for me as a business? Sorry I'm late to the party :) You said it. The security implications about something like this really bother me. I have to be a lot more confident about the security of my transport protocols and the level of trust between other systems I communicate with before I feel okay with storing apps and other data out there in "the cloud." Can you guys imagine having a Citrix environment located out there on the public Internet? :P Having said that, I'm interested to see where this goes. Things like the new Palm Pre operating system and Moblin really intrigue me, and while I think they're most certainly the future of portable devices, I'm not so sure how I feel about desktop computing heading in that direction. Brad - don't lie, you know you use IE because you love it. ------------------------------------------------------------------------ ----------------------------- Pursuant to IRS Circular 230 and IRS regulations we inform you that any federal tax advice contained in this communication is not intended or written to be used, and cannot be used, for the purpose of avoiding penalties imposed under the Internal Revenue Code. ------------------------------------------------------------------------ ------------------------------------------ Postlethwaite & Netterville Implements New Email Encryption Software to Further Protect Confidential Data Confidentiality is a hallmark of the accounting profession and it is of the utmost importance to our client relationships. At P&N, we are committed to keeping your data confidential which is why we are implementing new email encryption software. This software inspects all outbound emails from our firm. Emails that contain attachments will require you to enter a password to download the file. This ensures that your confidential data cannot be read by anyone other than the intended recipient. Emails with attachments will include a link to a secure web server. Click on the link to download the attachment. The first time you receive a secure email from the firm you will be required to setup a password. This will be your password to access future attachments. For our clients and others, there will be a small step to download the encrypted files; however, we believe the added confidentiality benefits far outweigh the few seconds that are required to access the attachment. If you have questions regarding this new process or if you forget your password, please contact Jessica Aymond, P&N Network Administrator, at 225.922.4600. ======================================================================== ============================= _______________________________________________ General mailing list [email protected] http://mail.brlug.net/mailman/listinfo/general_brlug.net ----------------------------------------------------------------------------------------------------- Pursuant to IRS Circular 230 and IRS regulations we inform you that any federal tax advice contained in this communication is not intended or written to be used, and cannot be used, for the purpose of avoiding penalties imposed under the Internal Revenue Code. ------------------------------------------------------------------------------------------------------------------ Postlethwaite & Netterville Implements New Email Encryption Software to Further Protect Confidential Data Confidentiality is a hallmark of the accounting profession and it is of the utmost importance to our client relationships. At P&,, we are committed to keeping your data confidential which is why we are implementing new email encryption software. This software inspects all outbound emails from our firm. Emails that contain attachments will require you to enter a password to download the file. This ensures that your confidential data cannot be read by anyone other than the intended recipient. Emails with attachments will include a link to a secure web server. Click on the link to download the attachment. The first time you receive a secure email from the firm you will be required to setup a password. This will be your password to access future attachments. For our clients and others, there will be a small step to download the encrypted files; however, we believe the added confidentiality benefits far outweigh the few seconds that are required to access the attachment. If you have questions regarding this new process or if you forget your password, please contact Jessica Aymond, P& Network Administrator, at 225.922.4600. =====================================================================================================
_______________________________________________ General mailing list [email protected] http://mail.brlug.net/mailman/listinfo/general_brlug.net
