Why Cloud Security Is Hard

When I interviewed the head of one of the most successful Ubuntu-based Linux distributions a few weeks ago, we talked about how he factors security into the project’s goals.  The metaphor he used in the interview was that security is like Swiss cheese.  There are naturally going to be holes in the product, but it doesn’t become a problem unless there are too many holes allowing something to pass through, or get in too deep.  As the head of the project he’s the one ultimately responsible for its security.  I know who to reach out to if I find a bug or something goes wrong.

One reason why cloud security is so challenging is that it’s often hard to know who to reach out to when holes are found.  One of the worst practices still seen in the industry is storing people’s information unencrypted.  When a local realty site asked for some personal information before it would show me a listing, and then sent that information back to me in plain text over email, I was really glad I had used a burner email address (one reason why it’s good to own your own domain).

I called the company up and told them they weren’t following good practices and needed to encrypt my data or remove it.  The real estate market requires a broad range of skills.  Computer security isn’t one of them.  As polite as the realtor was on the phone, he didn’t understand why he needed to change anything on his end.

Irena Bojanova is a wonderful contributor to the IEEE, and her article on Addressing Cloud Security provides a good overview of the trade-offs involved in different types of cloud implementation.  SaaS puts the onus of security on the hosting company, while PaaS and IaaS move the security requirements (minus physical security) closer to the customer.  Security is so important in the cloud that it will significantly change the way I implement my projects.

I’m perfectly capable of setting up a LAMP server in the house and getting the port forwarding to allow outside access, but encouraging that traffic into my LAN isn’t something I want to own.  If all I need is a LAMP server I’ll often host at DigitalOcean.com, because they make it easy to get it running in under a freakin’ minute!  When I host with them it’s basically a PaaS setup.  But if I run the LAMP server on DigitalOcean I get full control over it, and a lot of the responsibility for securing it.  Most of the time I don’t want to deal with the hassle, even if WordPress does do automatic updates (insecure plugins are still a good-sized attack vector).  In that case I’ll build a site using Squarespace.com.  Squarespace does all the coding for me, so all I really have to do is worry about layout and content.  When I went to launch jfroecker.com I decided to go with them because I’d never have to troubleshoot a denial-of-service attack or a code injection gone wrong.  That peace of mind makes a big difference.

Google’s record of finding and patching bugs is impressive, so there’s some data I’ll host on Google Drive because of their ability to protect the content, at least as far as my password will allow.  As one of the world’s largest data repositories they’re often called upon to comply with subpoenas for information, and as much as they patch holes, they also comply with their legal obligations to assist law enforcement.

There’s no perfect solution to security in the cloud.  It’s like Swiss cheese.  There are going to be holes, but before you go throwing your data up online you might want to take a look at how deep and how big those holes are.


More Cloudy Thoughts

It’s not only the initial push to, or the initial pull from, the cloud backup service that has to be considered.  There’s a bandwidth requirement for each file changed on the system.  Tarsnap does a very good job of minimizing the cost of transfer, but it’s obviously not marketed well enough to make lists with Microsoft and Google in the mix.

To illustrate the bandwidth situation: if I move files from a lower folder to a higher folder in a directory tree synchronized using csync, it will treat the operation as a delete and a copy, re-uploading the files I already have on my machine and using the bandwidth twice.  BitTorrent Sync will simply treat it as a move and adjust the metadata controlling the directory tree to logically place my information in the proper folder, without having to re-upload the file.
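To make the bandwidth point above concrete, here is an added example (not from the post, and not the code of csync, BitTorrent Sync or any other tool named here) that simulates the two strategies on a constructed directory tree: a path-keyed sync that sees a move as delete plus re-upload, and a content-keyed sync that matches the vanished files by hash and records a metadata-only move instead. The file names and contents are made up for the demonstration, and whole-file hashing is a simplification of the block-level chunking real backup tools use.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample trees: path -> file bytes. In BEFORE the two large files sit
# two levels down; in AFTER they have been moved up one level with identical
# contents, and one small unrelated file has genuinely been edited.
BEFORE = {
    "docs/2015/archive/report.pdf": b"P" * 4096,
    "docs/2015/archive/photo.jpg": b"J" * 8192,
    "docs/notes.txt": b"meeting notes v1",
}
AFTER = {
    "docs/2015/report.pdf": b"P" * 4096,    # moved, bytes unchanged
    "docs/2015/photo.jpg": b"J" * 8192,     # moved, bytes unchanged
    "docs/notes.txt": b"meeting notes v2",  # edited: must be uploaded either way
}


@dataclass
class Plan:
    uploads: list = field(default_factory=list)   # paths whose bytes go over the wire
    moves: list = field(default_factory=list)     # (old_path, new_path) metadata updates
    deletes: list = field(default_factory=list)   # paths removed on the remote side
    bytes_sent: int = 0                           # total payload bytes uploaded


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def naive_plan(before: dict, after: dict) -> Plan:
    """Path-keyed sync: a path that is new, or whose content differs, is uploaded
    in full; a path that vanished is deleted. A rename is seen as delete + upload."""
    plan = Plan()
    for path, data in after.items():
        if path not in before or digest(before[path]) != digest(data):
            plan.uploads.append(path)
            plan.bytes_sent += len(data)
    plan.deletes = [p for p in before if p not in after]
    return plan


def move_aware_plan(before: dict, after: dict) -> Plan:
    """Content-keyed sync: a new path whose hash matches a vanished path is
    recorded as a move (metadata only); only genuinely new content is uploaded."""
    plan = Plan()
    # Index the paths that disappeared by content hash; a list per hash copes
    # with several identical files vanishing at once.
    vanished = {}
    for path, data in before.items():
        if path not in after:
            vanished.setdefault(digest(data), []).append(path)
    for path, data in after.items():
        h = digest(data)
        if path in before and digest(before[path]) == h:
            continue                                  # untouched file
        if vanished.get(h):
            plan.moves.append((vanished[h].pop(0), path))  # same bytes, new name
            continue
        plan.uploads.append(path)                     # new or edited content
        plan.bytes_sent += len(data)
    # Whatever vanished and was not claimed by a move is a real delete.
    plan.deletes = [p for paths in vanished.values() for p in paths]
    return plan


if __name__ == "__main__":
    for name, fn in (("path-keyed", naive_plan), ("content-keyed", move_aware_plan)):
        p = fn(BEFORE, AFTER)
        print(f"{name:14} uploads={len(p.uploads)} moves={len(p.moves)} "
              f"deletes={len(p.deletes)} bytes_sent={p.bytes_sent}")
```

Running it shows the path-keyed plan re-uploading all 12,288 bytes of the two moved files plus the edited note, while the content-keyed plan sends only the 16 edited bytes and turns the moves into metadata updates. Tarsnap applies the same idea at the block level and keeps the hash index on the client, which is what lets it deduplicate without the server ever seeing the plaintext.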

With the closed-source solutions listed above, I wonder how they try to reduce the day-to-day bandwidth costs.  I know the scenario is based on a single restore request, but if that restore isn’t built on the incremental updates then it’s not much of a backup.

I don’t disagree that it can work, and that the cloud is a powerful way to get the job done, but when implementing a solution it’s important to understand how the technology works in order to calculate the cost accurately.

The DoD went to the cloud for email and the like.  Well, during the summer of 2015 they upgraded Europe’s version of MS Office to 2013.  This upgrade was stored on servers in the States and necessitated re-downloading each user’s email history afresh.  Since the DoD seems to mandate that internet connections terminate in the US, all of this traffic had to travel over the narrow leased portion of the transatlantic lines.  The upgrade and the resulting congestion virtually shut down communications for Europe during crucial operations, as the network was busy pushing the same Office update to thousands of computers and then rebuilding their Outlook databases from the original emails.

Yes, the cloud can absolutely work, and it does reduce the requirements of managing hardware, but it adds other dimensions that I think are worth pointing out and discussing.  I’m personally a fan of cloud solutions provided they have localized repositories similar to a CDN.  What are your thoughts on moving to the cloud?