Welcome!

@CloudExpo Authors: Liz McMillan, Zakia Bouachraoui, Yeshim Deniz, Pat Romanski, Elizabeth White

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Agile Computing, Cloud Security

@CloudExpo: Article

How the Cloud Will Displace Human Trust

We are witnessing the large-scale industrialization of the data center

We are witnessing the large-scale industrialization of the data center, owned and operated by the ICT operators who specialize in that task, with security technologies in the hands of the end user to remove any need to trust their human operators.

The traditional "protect the perimeter" model of enterprise data security, one where layers of security are added around enterprise data, access to which is limited to trusted insiders, clearly has challenges in a cloud computing model when outsiders (the folks running the cloud) have access to all your data and can monitor everything that you do in their environment.

The solution is not, as some would tell you in the security profession, better certification of cloud providers and external vetting of the human operators. Certification has a role but the ultimate answer will be the invention of technologies that completely remove the need for trusting the human operators.

There is a historical precedent for this. In a previous era longshoremen who handled cargo at ports (outsourced storage and compute) had a series of certifications on their security that were manually audited by government officials. Eventually, containerization and automation of ports made those certifications irrelevant, solving the problem using technology and dramatically increasing the amount and speed of international trade.

As Jason Hoffman, CTO of Joyent, (a competitor of Amazon Web Services), likes to point out: "data centers are the digital ports of the 21st century, the bit is the new economic good, measured in bytes and contained in packets, words and blocks."

The analogy is striking and it is likely that technology will again solve the problems that currently hinder adoption of the cloud by enterprises.

Each pillar of the CIA triad of data security - confidentiality, integrity and availability - is currently experiencing tremendous innovation, easing and accelerating adoption.

Availability is the easiest to understand: how a public cloud model can deliver better performance over enterprises owning their own data centers. Consider how the earthquake and subsequent tsunami in Japan made the banking community realize that having a main data center in Tokyo with a backup in Yokohama, just 50km away, wasn't such a smart idea. Contrast that with the latest object-store solutions that provide multi-continent, multi data-center storage redundancy and availability. An example is Joyent's Global Compute Network, a global alliance of telecommunication providers offering cloud services allowing end users to migrate their data and applications to multiple locations around the world with nothing more than a mouse click.

Integrity, possibly the least understood of the security triad, is keyless signature infrastructure (KSI), which provides digital signatures for data on a massive scale. Keyless means that the integrity of the data can be verified without reliance on cryptographic keys, removing the need to have a trusted human anywhere in the verification chain. Banks such as SEB, ecommerce providers such as Rakuten, and governments globally such as China and Estonia are integrating KSI deeply into their data centers, ensuring that every system event and object modification is linked together in a causal chain, the proof of integrity of which is independently verifiable by users, regulators or auditors. Regulatory compliance requires enterprises to prove the integrity of their archived data, spending as much as $10,000 per TB for hardware-based solutions. Now this can be done in software in a public cloud at a small fraction of the price.

Confidentiality is possibly the biggest concern for enterprises to adopt a fully public cloud model. Yet here too there is tremendous innovation. Since IBM's Craig Gentry announced his Fully Homomorphic Encryption (FHE) scheme there has been intense research in the academic community to build something practical. FHE implies that you can store encrypted data in the cloud but still run applications on that encrypted data, decrypting the result locally only when an authenticated end user needs to view it, thereby removing any possibility of the cloud operator or outside attacker breaching the confidentiality of the data. Recent results by cryptographers Brakerski and Vercauteren indicate that practical implementations of FHE may be on the horizon.

Subsets of FHE such as functional encryption or searchable encryption can achieve the same result for specified use cases. As a simple example of this technology, imagine if you encrypted a search term say "Britney Spears" and entered the encrypted result into a search engine. The results you get back would be gibberish until you decrypt them, giving you the latest gossip on Britney without anyone having any knowledge of what you searched for.

Encrypted search of course requires a lot more computational power, which is great news for companies like Intel but also for the service providers that can offer a premium service with encryption enabled applications.

I recently had the opportunity to read George Dyson's history of computing, "Turing's Cathedral," where he traces the digital universe to a nucleus of 32-by-32-by-40 bit matrix of high-speed random access memory built in 1953. Since then there has been wave after wave of innovation and while cloud computing represents the next wave, the impact for the enterprise may be the most profound.

We are witnessing the large-scale industrialization of the data center, owned and operated by the ICT operators who specialize in that task, with security technologies in the hands of the end user to remove any need to trust their human operators. Driven by competitive forces this will lead to a level of service and security vastly superior to what they can be achieved in-house, allowing enterprise IT budgets to be slashed yet providing on-demand the latest software applications.

It will take time for regulators to be convinced, but eventually it will be become obvious that the technologies described above will enable regulated businesses to be more reliable, more secure than before and the barriers to cloud adoption will be eased. The inevitable conclusion will be an enterprise IT model with zero assets in-house and a massive expansion of business for ICT operators who are operating the data centers and providing indemnification against any business loss.

That time might be closer than you think.

More Stories By Mike Gault

Mike Gault is CEO of Guardtime, the developer of Keyless Signatures that algorithmically prove the time, origin and integrity of electronic data. He started his career conducting research in Japan on the computer simulation of quantum effect transistors. He then spent 10 years doing quantitative financial modeling and trading financial derivatives at Credit Suisse and Barclays Capital. Mike received a Ph.D. in Electronic Engineering from the University of Wales and an MBA from the Kellogg-HKUST Executive MBA Program.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
Daniel Jones is CTO of EngineerBetter, helping enterprises deliver value faster. Previously he was an IT consultant, indie video games developer, head of web development in the finance sector, and an award-winning martial artist. Continuous Delivery makes it possible to exploit findings of cognitive psychology and neuroscience to increase the productivity and happiness of our teams.
When building large, cloud-based applications that operate at a high scale, it's important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. "Fly two mistakes high" is an old adage in the radio control airplane hobby. It means, fly high enough so that if you make a mistake, you can continue flying with room to still make mistakes. In his session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed how this same philosophy can be applied to highly scaled applications, and can dramatically increase your resilience to failure.
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by sharing information within the building and with outside city infrastructure via real time shared cloud capabilities.
DevOps tends to focus on the relationship between Dev and Ops, putting an emphasis on the ops and application infrastructure. But that’s changing with microservices architectures. In her session at DevOps Summit, Lori MacVittie, Evangelist for F5 Networks, will focus on how microservices are changing the underlying architectures needed to scale, secure and deliver applications based on highly distributed (micro) services and why that means an expansion into “the network” for DevOps.
Sanjeev Sharma Joins November 11-13, 2018 @DevOpsSummit at @CloudEXPO New York Faculty. Sanjeev Sharma is an internationally known DevOps and Cloud Transformation thought leader, technology executive, and author. Sanjeev's industry experience includes tenures as CTO, Technical Sales leader, and Cloud Architect leader. As an IBM Distinguished Engineer, Sanjeev is recognized at the highest levels of IBM's core of technical leaders.