Rugged is…. knowing what makes a device dangerous to the data on and flowing through it, and taking reasonable steps to lessen the danger.
NEW CONCEPT — Convergence
Once separate disciplines, physical safety and digital safety are becoming so intertwined you can’t have one without the other. Mechanical and digital have converged and are inseparable. Pacemakers, automotive braking and steering systems (and most of the rest of the autombile), systems that run nuclear power plants, the electrical grid, utility meters are all now controlled by computers and in many cases connected to the Internet either physically or wirelessly. ( If you don’t have the most current version of Flash use this link: http://www.ted.com/talks/lang/eng/ray_kurzweil_announces_singularity_university.html)
It’s only those in their 20s that haven’t used record players, rotary phones, typewriters, or gotten pictures developed instead of printing them out. Televisions used to be analog, not digital. Telephone calls used to be only possible from a special device that was leased from and installed by the telephone company. Games used to be played face to face on tables. The postman used to deliver personal letters. A radio was AM and FM and had to be plugged into an electrical outlet. Music was played on record players reading vinyl disks. Research used to be done in books and encyclopedias sold by door to door salesmen or used in a library. Calculations were automated by slide rules. Goods and services were paid for with paper money or checks. A camera took pictures on film that had to be developed. These functions have all “converged” into one pocket sized device. A smartphone now has more capability than all those 10 single use physical objects put together. That is convergence, too. (Add other convergence functions in Comments below).
Not only does that 4 ounce device receive information, it also SENDS OUT signals that everyone within at least 30 feet can pick up and read.
The End of Computers as We Know Them ? Elegant graphical review of computer origin through speculation on digital future. What do you think? (Comment below).
Text messages are not encrypted! Credit card numbers, emails can all be intercepted and the owner will never know it. 80% of cell phone calls world wide are encrypted with GSM (Global System for Mobile) but the GSM algorithm, used since 1988, has been broken and cell carriers are being called to strengthen cell phone security.
Use encryption if uploading sensitive information to “free” cloud storage servers.
This term refers to storing digital files on servers in vast computer rooms managed by a commercial company and accessible from the Internet as opposed to storing data on an individual’s or a business’ own computers. Internet storage of files has been around since Napster and Kazaa. Those were technically as much cloud computing as the newer meaning of large corporations (IBM, Amazon, Google, Microsoft, Rackspace, Salesforce) who are building huge data centers at different locations throughout the world, hold thousands of computers and serve as repositories for users to store their data. We cannot stop moving into the cloud. Everything is moving to the cloud, but at this point the features and services offered are not mature. Businesses need to evaluate what to expect from cloud services.
There are three primary models for Cloud Computing:
- SaaS – Software as a Service (e.g. Google Apps, Email)
- PaaS – Platform as a Service (derived from SaaS)
- IaaS – Infrastructure as a Service
This video (36 min) is a very good overview of Cloud Computing models, what services are offered, what the risks are, issues in migrating to the cloud, long term viability, the security considerations and keys to success. (Creation of free account required to view).
(Added 6/3/2011) Based on several recent comments, here is a good blog post on using cloud storage for your personal or business files. Basically, it says encrypt sensitive files before uploading anything to cloud storage. Here are more news briefs that mention an FTC complaint against one of the free cloud storage providers. Also, there seems to be a weakness that if Jack Bauer copies the cloud provider’s configuration file on your computer to his computer, he can then have access to all files you have uploaded to that cloud provider. (Article on how that works). You should assume that it is relatively trivial to access (by an attacker, co-worker, legal procedure) files stored in a cloud and be sure to encrypt files appropriately before uploading them.
Buyer Beware! The most mature cloud computing company is only three years old!
Two large issues that have to be resolved before deciding on cloud computing services:
Who owns our data? If we retain ownership of the data and control of the servers but have responsibility and liability if the data are disclosed, then we are in trouble. Legal contracts with cloud providers should focus on ownership and liability in legal contracts, policies and documents.
Within the last three years more computer functions have migrated to “The Cloud”, large data centers with acres of computers stacked in racks that store information. This is in keeping with Tim Berners-Lee’s vision of the Semantic Web which was that anyone anywhere on the Internet could ask a question and analytical engines would process the question, evaluate what it involved, search the Internet for the correct information that would deduce an analytical answer. Having data move up into the cloud is an inevitable step towards that ultimate vision. However, cloud computing is still very new. Cloud vendors don’t seem to have a sense of responsibility about protecting the data they are so anxious to store. Nor do cloud customers seem to understand what rights to data are being given to the cloud provider.
For individuals or small businesses using a cloud storage option now (e.g. Evernote, Dropbox etc), have you read the End User License Agreement? Several state that any and all information stored with their service becomes their property. Small businesses using a cloud backup option that contains e.g. customer contact lists — that cloud provider now owns that contact list or other sensitive information. Even if it’s not sensitive and the data are lost or corrupted, who has the liability to replace the data? The customer or the cloud provider?
Technology on the Horizon —
Visual Recognition Technology: Technology that lets you see videos from a newspaper picture.
Face Recognition software now lets you compare two pictures anywhere on the web to see if it’s the same person.
iPhone as Credit Card? —Near Field Communication (NFC) chip Is this realistic or not? Comment on this or other new technology, below.
Our traditional computer security has focused on securing the devices we use. That’s becoming less and less practical both because devices are changing rapidly and because of the variety of devices used. It is becoming more and more important to put some safeguards on the device and its software, but becoming even more important to figure out how put the protection closest to the data needing protecting.
Once again, the concept that data are an asset emerges to the forefront of any computer security planning.