In a press release of 2 March 2011 DG Information Society makes it known that it supports cloud computing and has awarded some 35 million plus euros to three projects that are to foresee in cloud computing space, software, infrastructure and network capacity within Europe. All very fine, was my reaction, but what about security?
The Reservoir project
Let’s first see what the press release says about the intention of one of the projects:
“The RESERVOIR project concerns how a European cloud computing infrastructure could be built. The research project focusses on developing software that would make available underused computing resources from various suppliers and provide them as a service to companies and public administrations in need of such resources. The aim is to enable companies with underused computing resources to make their infrastructure available as a “cloud service”. RESERVOIR is building technology for a European “cloud”, allowing European companies to easily become a cloud provider using the RESERVOIR software.”
So I understand this as: public and private institutions that have underused computer capacity give up this capacity to any other in need of it. Thus efficiency is made and costs go down. Everyone can connect on the open Internet and use free space. It sounds good, right?
So here we are, in a world in which it is known to those who want to, that intellectual property is hacked of computers on a daily bases, government websites and private networks are hacked for months on end without detection, cyber offensive software is placed in critical infrastructure by foreign nations, digital data is being stolen by the millions and banks get hacked into every time a good hacker is asked to do so. I do not need to go on, do I?
So here we are in a time that every nation seems to be busy drawing up a national cyber security strategy. Spending millions on strategies that (should) address critical infrastructure, intellectual property protection, safe public and private networks, cyber logistics for food and energy, banking transactions and maybe even involves regulation for taking some part of critical infrastructure and defence of the Internet.
Two of the underlying problems is that most everyone concerned has connected his network to the public and very open Internet and to save costs installed common and probably the cheapest available software. So critical infrastructure as well as public and private institutions are connected through the Internet and are accessed by hackers. The software we all use is unfortunately very much flawed where security is concerned and in part responsible for the issues raised.
Cloud computing and saving costs
Again I read a communiqué that stresses the possibilities. Look at what we can do! We can make this work, we have the technical skills and we combine this with a wish to save costs and voilà. We have a great new tool for everyone to use. I do not want to be a doom and gloom guy, but who in this project has given a serious thought to security of all this data that is going to be downloaded, (in)stalled and accessed on someone else’s network? Sound familiar this installing?
CERN is very probably one of the most expensive research centres ever. I suppose, but do not know, that when results are achieved, that something in the way of return on investment through capitalisation on inventions has to come out of CERN. A significant economic advantage towards other economies? And here I read, in the age of cyber hacking, that CERN is the first to be on board in this cloud computing experiment and to (help) save costs as well. Is it me paranoid or is something very eschew here? Who has wondered what could be lost here in an economic sense?
Another little titbit I throw at you to ponder on. The world has to learn that there are two sides to cyber issues: the possibilities and the threats/vulnerabilities. If these are not matched somehow in the near future, why bother with a cyber security?
Wout de Natris, De Natris Consult
Leiderdorp, 2 March 2011