VI. Technology

Rugged is…. knowing what makes a device dangerous to the data on and flowing through it, and taking reasonable steps to lessen the danger.

NEW CONCEPT — Convergence

Once separate disciplines, physical safety and digital safety are becoming so intertwined you can’t have one without the other.   Mechanical and digital have converged and are inseparable.  Pacemakers, automotive braking and steering systems (and most of the rest of the autombile), systems that run nuclear power plants, the electrical grid, utility meters are all now controlled by computers and in many cases connected to the Internet either physically or wirelessly. ( If you don’t have the most current version of Flash use this link: http://www.ted.com/talks/lang/eng/ray_kurzweil_announces_singularity_university.html)

It’s only those in their 20s that haven’t used record players, rotary phones, typewriters, or gotten pictures developed instead of printing them out.  Televisions used to be analog, not digital.  Telephone calls used to be only possible from a special device that was leased from and installed by the telephone company.  Games used to be played face to face on tables.  The postman used to deliver personal letters.  A radio was AM and FM and had to be plugged into an electrical outlet.  Music was played on record players reading vinyl disks.  Research used to be done in books and encyclopedias sold by door to door salesmen or used in a library.  Calculations were automated by slide rules.  Goods and services were paid for with paper money or checks.  A camera took pictures on film that had to be developed.   These functions have all “converged” into one pocket sized device.  A smartphone now has more capability than all those 10 single use physical objects put together.  That is convergence, too.  (Add other convergence functions in Comments below).

Not only does that 4 ounce device receive information, it also SENDS OUT signals that everyone within at least 30 feet can pick up and read.

The End of Computers as We Know Them ? Elegant graphical review of computer origin through speculation on digital future.  What do you think? (Comment below).

Encryption

Text messages are not encrypted!  Credit card numbers,  emails can all be intercepted and the owner will never know it.  80% of cell phone calls world wide are encrypted with GSM (Global System for Mobile) but the GSM algorithm, used since 1988,  has been broken and cell carriers are being called to strengthen cell phone security.

Use encryption if uploading sensitive information to “free” cloud storage servers.

The Cloud

This term refers to storing digital files on servers in vast computer rooms managed by a commercial company and accessible from the Internet as opposed to storing data on an individual’s or a business’ own computers.   Internet storage of files has been around since Napster and Kazaa.  Those were technically as much cloud computing as the newer meaning of large corporations  (IBM, Amazon, Google, Microsoft, Rackspace, Salesforce) who are building huge data centers at different locations throughout the world, hold thousands of computers and serve as repositories for users to store their data.   We cannot stop moving into the cloud.  Everything is moving to the cloud, but at this point the features and services offered are not mature.  Businesses need to evaluate what to expect from cloud services.

There are three primary models for Cloud Computing:

  • SaaS – Software as a Service  (e.g. Google Apps, Email)
  • PaaS – Platform as a Service (derived from SaaS)
  • IaaS – Infrastructure as a Service

This video (36 min) is a very good overview of  Cloud Computing models, what services are offered, what the risks are, issues in migrating to the cloud, long term viability, the security considerations and keys to success. (Creation of free account required to view).

(Added 6/3/2011) Based on several recent comments, here is a good blog post on using cloud storage for your personal or business files.  Basically, it says encrypt sensitive files before uploading anything to cloud storage.  Here are more news briefs that mention an FTC complaint against one of the free cloud storage providers.  Also, there seems to be a weakness that if  Jack Bauer copies the cloud provider’s configuration file on your computer to his computer, he can then have access to all files you have uploaded to that cloud provider.  (Article on how that works).  You should assume that it is relatively trivial to access (by an attacker, co-worker, legal procedure) files stored in a cloud and be sure to encrypt files appropriately before uploading them.

Buyer Beware! The most mature cloud computing company is only three years old!

Two large issues that have to be resolved before deciding on cloud computing services:

  • Ownership
  • Liability

Who owns our data?  If we retain ownership of the data and control of the servers but have responsibility and liability if the data are disclosed, then we are in trouble.  Legal contracts with cloud providers should focus on ownership and liability in legal contracts, policies and documents.

Within the last three years more computer functions have migrated to “The Cloud”,  large data centers with acres of computers stacked in racks that store information.    This is in keeping with Tim Berners-Lee’s vision of the Semantic Web which was that anyone anywhere on the Internet could ask a question and analytical engines would process the question, evaluate what it involved, search the Internet for the correct information that would deduce an analytical answer.  Having data move up into the cloud is an inevitable step towards that ultimate vision.  However, cloud computing is still very new.  Cloud vendors don’t seem to have a sense of responsibility about protecting the data they are so anxious to store.  Nor do cloud customers seem to understand what rights to data are being given to the cloud provider.

For individuals or small businesses using a cloud storage option now (e.g. Evernote, Dropbox etc), have you read the End User License Agreement?  Several state that any and all information stored with their service becomes their property.  Small businesses using a cloud backup option that contains e.g. customer contact lists — that cloud provider now owns that contact list or other sensitive information.  Even if it’s not sensitive and the data are lost or corrupted, who has the liability to replace the data? The customer or the cloud provider?

Technology on the Horizon —

Visual Recognition Technology:  Technology that lets you see videos from a newspaper picture.

Face Recognition software now lets you compare two pictures anywhere on the web to see if it’s the same person.

iPhone as Credit Card?  —Near Field Communication (NFC) chip  Is this realistic or not?  Comment on this or other new technology, below.

Our traditional computer security has focused on securing the devices we use.  That’s becoming less and less practical both because devices are changing rapidly and because of the variety of devices used.  It is becoming more and more important to put some safeguards on the device and its software, but becoming even more important to figure out how put the protection closest to the data needing protecting.

Once again, the concept that data are an asset emerges to the forefront of any computer security planning.

Advertisements

45 Responses to VI. Technology

  1. Joe says:

    Interesting information about “The Cloud”.

  2. It's Me says:

    Using your cell phone as a method of payment is a disaster waiting to happen.

    • 01407 says:

      An easy way to steal others information. Wait until they use their cell phone to process payment then steal the phone or use wifi to get the info.

  3. GTM says:

    Having recently done a bank wire transfer, the bank uses a text message to your cell phone to send a numeric code to execute the wire transfer, in addition to your online account credentials. Of course they follow-up by phone the next day to give you a security quiz before they complete the transfer. They cover all the bases….

  4. Vicky says:

    As someone who used to spend hours in a darkroom, it’s better for the environment to use a digital camera (even though I miss smelling like fixer!). However, I’m still not convinced that a great number of people aren’t going to lose all of their digital pictures or have them become inaccessible. Remember the Zip drive?!

    • Longshot9 says:

      Ah, the Zip drive. The solution to all our storage needs. An excellent point. How long before CD/DVD storage becomes as ancient as an 8-track?

  5. Jean says:

    Not using my smart phone to transfer PII, thankfully, since I’m learning how unsecured they are.

  6. HM says:

    I was wondering what all the talk about the cloud was, now I know.

  7. IT Chief says:

    Odd that we are not suppose to “stream video” at our agency but the course is laced with it

    • hacker says:

      “They” don’t want you streaming youtube videos of your best buddy’s bachelor party, but for training purposes, it’s fine.

  8. Kubla says:

    Who reads the end user agreements anyways. I’ve tried but I fell asleep. Its funny because I knew all of the words but I just couldn’t understand what they meant. I figure that the software developer would never mean to do me any harm though, right? I’m expecting my iCentiPad in the mail any day now.

  9. hordak says:

    Isn’t the cloud a just another name for outsourcing?

    • Lydia says:

      I think there are some similarities, but the liability/data ownership issues are what make it a game changer. We currently outsource work to contractors but the data and responsibility are still (the organiztions) ours. In the cloud, we don’t know what country our data are stored in or what the laws regarding ownership of data and privacy are there, in e.g. India, Asian countries. Europe is vastly more strict on privacy laws because of their experience leading up to WWII, when ethnic or religious groups had to “register”.

  10. pamela says:

    I don’t think everyone using an smart phones realize some of the ramifications.

  11. GovtContractor says:

    I use my smart phone for a lot. Glad I now see it is not as safe as I thought.

  12. George says:

    Well written article – hits squarely on the issues surrounding cloud computing.

  13. colston says:

    Cloud computing sounds great but the security indications as well as ownership and liability make it seem very far away….unless we will be spending are days on encrypting and decrypting.

  14. Chris says:

    Funny thing, the other day with my new phone, I was able to do 9 of the 10 items listed above. I could watch a video that I had uploaded to it, I could listen to MP3 music or to an internet radio station, I could have played a game (I installed Angry Birds…for my son), I could email or text a message, and read any of a dozen books that I have uploaded to it, and of course the calculator was available. I could have paid for an item online with the 4g connection, and I could have taken a picture….but I was not in cell coverage area…soooo the one thing I could not do with my phone was…make a telephone call.

  15. leewelch32 says:

    watch “enemy of the state” with wll smith and gene hackman, etc.
    convergence scares me more than anything talked about so far.

  16. Pam Perret says:

    Everyone should take into consideration the cost of free apps and how we can do soo much on our cell phones.

  17. Sydney says:

    I now have a better understanding of the cloud….thanks

  18. OctalMan says:

    I am a cloud skeptic. Computer security begins with physical security. When your data is in the cloud, you are trusting Microsoft, Google, or Amazon’s physical security without the ability to audit or inspect it. In addition, the Cloud implies massive virtualization. Even minor virtualization is a major paradigm shift. If entire machines can be duplicated in minutes with0ut stopping, how do you know whether a black hat is doing it behind your back or not? Marketing=haste.

  19. TSB says:

    Technology will always change and there will always be new technology. With all the security threats out there, why don’t the engineers and people who design this build in security from concept? Granted they may not be able to completely eliminate all security vulnerabilities, but it seems so many companies release software and hardware early to make extra $$$ without allowing enough time to secure it first.

  20. thedudea says:

    I first thought the cloud was another way to get you to pay for a service on top of what you already pay for internet access.
    But it isn’t.
    Now if I can only rely on having access to a computer everywhere I go so I don’t have to carry a laptop that would be great.
    But now I have to carry a laptop and all my music photos and finances are on the laptop.

  21. Tim Roles says:

    I really enjoyed the portion about the cloud.

  22. tom says:

    While onwership of data in the cloud is an important topic, even more important is access to the data. Follow my paranoid logic, if “knowledge is power” and knowledge is specfic information, and information is data and we put our data in the cloud, to whom are we giving the power.

  23. Mike says:

    Unfortunately I am old school and will continue backing my data up to external hard drives. The Cloud sounds like a wonderful place for those from never never land who have no fear of losing data.

  24. DJM says:

    The cloud sounds like an accident waiting to happen.

  25. AID says:

    Explained well how digital safety and pysical safety are interwined with each other. These are really interesting topics to know about encryption, the cloud and its types.

  26. Guest says:

    I have a basic cell phone, no texting or any “apps” I do not have a personal email account. I do not trust the technology at all.

  27. gfr says:

    the cloud theory sounds ripe for more criminal exploitation

  28. EGK says:

    I find the (first) definition of Cloud to be too narrow and misses the point. It’s not about storing your digital files on the Internet, although that’s one aspect of it. It’s rather the outsourcing of your data center — hardware, software, applications, storage, etc. Also, to claim that this somehow gets us closer to realizing the “semantic web” is a stretch. Adopting Cloud Computing does not mean disowning or sharing your data with the world. It’s how you link data/information that may get us closer to a true semantic web.

  29. dc desktop says:

    Kryptos offers an iphone app that encrypts voice data. 256 bit AES!!

  30. KH says:

    It’s good to know that it is important, from a security standpoint, to encrypt sensitive documents before uploading them to the “Cloud.”

  31. azeemuddin khaja says:

    As with most other comments here, I too am skeptical about the fad of cloud computing. It may look a panacea to companies facing increasing IT costs to administer/maintain their systems, but the technology or the business model is still not mature enough for widespread adoption.

    I liked reading some of the material on this website as it not only reinforces old concepts but uses current events and examples to reinforce its point.

  32. JRB says:

    Interesting that several of the videos in the course state “Creation of free account required to view”. Yet in an earlier lesson in the course, the point was made that nothing is free on the Internet. Information is being collected each time a ‘free account’ is opened. Sign of the times?

  33. CC says:

    Good overview of cloud computing.

  34. Corey Burke says:

    Technology will be the continual heart beat of innovation.
    This website is put together very well.

  35. Corbyn says:

    I am amazed at technology and how far we’ve come. It seems the more technology evolves, the crooks are ahead of the game with tricks on how to bring down or infiltrate the systems.

  36. Will Adams says:

    Iphone issues with security with cause problems for its use as a credit card

  37. MT@BOEMRE says:

    Good explanation of the cloud.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s