Welcome!

Cloud Expo Authors: Liz McMillan, JP Morgenthal, Victor Cruz, Derek Harris, Maureen O'Gara

Related Topics: Cloud Expo, Virtualization

Cloud Expo: Article

Cloud Computing: Securing the Cloud

I wrote my own S3 client which uses strong encryption on the I/O stream as it leaves my computer
By Jonathan Craven
Article Rating:
September 15, 2008 08:35 AM EDT
Reads:
 13,185

Jonathan Craven's Blog

I don't trust Amazon S3 with my personal data. It's not a question of trusting Amazon to abide by the terms of service - I do trust them as a company, but no company can be immune from a rogue employee or corporate espionage, and it is not easy to trust their security procedures unless you can audit them yourself at whim, which is a practical impossibility.

I have already written about how I have enthusiastically adopted Amazon S3 as a solution for off-site backups, and for publishing heavier content than my home server could handle, such as video. The other day one of the hosts of Buzz Out Loud mentioned that he didn't trust his personal data in the cloud just yet. He could see that it was the way of the future, but was not yet comfortable with the trust issues. Then then this week John C. Dvorak echoed the same concerns on TWiT.

They are right of course, and I don't trust Amazon with my personal data either. I have a lot of personal data to back up, such as every e-mail I wrote or received from 1998 to around 2005 (I've let GMail handle it since then, where I technically ought to back it up via POP, but haven't...), not to mention other personal identifying data that I would not want in the wrong hands. It is not a question of trusting Amazon to abide by the terms of service—I do trust them as a company, but no company can be immune from a rogue employee or corporate espionage, and it is not easy to trust their security procedures unless you can audit them yourself at whim, which is a practical impossibility.

My solution to this problem is one that your average user, even a geek like Tom Merritt, probably can't do: I wrote my own S3 client which uses strong encryption on the I/O stream as it leaves my computer. Amazon thus stores for me a few gigabytes of what is literally useless ones and zeroes, but when I download it with my special client it is decrypted on the fly back into the original file. Such a solution requires not only the knowledge of how to code one's own S3 client, but also enough knowledge of cryptography and computer security to know whether a solution is really secure, or whether it could be cracked by those with enough resources. I'm fortunate to be in a position do do this by myself.

I'm sure that at some point there will be, and maybe there already is, a client program you can download to do this for you, where you set your own key phrase. But unless you audit the entire source code of that program, you can't be sure that it isn't sending your key out to some third party. An open source solution would allow you to check this, but frankly the time it would take to audit all the code would be longer than the time it takes to write your own (at least it was in my case). But in the absence of a widely audited and popularly acknowledeged open source way of encrypting the stream before it leaves your computer, we'll never get beyond the issue of trusting the company you're giving your data to.

(The only problem, now, is keeping my source code to my client and my key file safe, since if I lose those I would be left unable to download my own backups!*)

* Don't worry, I have worked out a solution for this, but I'm not going to post it here!

 

Published September 15, 2008 – Reads 13,185
Copyright © 2008 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Jonathan Craven

Jonathan Craven is an American software engineer currently living and working in northern France.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Cloud Expo Breaking News
By Jeremy Geelan
With Cloud Expo 2012 New York (10th Cloud Expo) just four months away, what better time to start introducing you in greater detail to the distinguished individuals in our incredible Speaker Faculty for the technical and strategy sessions at the conference... We have technical and strategy sessions for you every day from June 11 through June 14 dealing with every nook and cranny of Cloud Computing and Big Data, but what of those who are presenting? Who are they, where do they work, what else h...
Feb. 14, 2012 08:00 AM EST  Reads: 947
By Elizabeth White
In 2011, Apache Hadoop received tremendous attention for helping organizations cost-effectively capitalize on their big data. Hadoop is now disrupting the business of analyzing data. In his session at the 10th International Cloud Expo, Eric Baldeschwieler, Co-Founder & CEO of Hortonworks, will look at the current state of the Hadoop project, lessons learned by deploying it at scale, and the roadmap for its future. Big Data Track attendees will learn about the exciting developments that have ...
Feb. 14, 2012 08:00 AM EST  Reads: 1,119
By Jeremy Geelan
With Cloud Expo 2012 New York (10th Cloud Expo) just four months away, what better time to start introducing you in greater detail to the distinguished individuals in our incredible Speaker Faculty for the technical and strategy sessions at the conference... We have technical and strategy sessions for you every day from June 11 through June 14 dealing with every nook and cranny of Cloud Computing and Big Data, but what of those who are presenting? Who are they, where do they work, what else h...
Feb. 14, 2012 07:45 AM EST  Reads: 634
By Jeremy Geelan
With Cloud Expo 2012 New York (10th Cloud Expo) just four months away, what better time to start introducing you in greater detail to the distinguished individuals in our incredible Speaker Faculty for the technical and strategy sessions at the conference... We have technical and strategy sessions for you every day from June 11 through June 14 dealing with every nook and cranny of Cloud Computing and Big Data, but what of those who are presenting? Who are they, where do they work, what else h...
Feb. 14, 2012 07:45 AM EST  Reads: 676
By Jeremy Geelan
With Big Data Expo 2012 New York (co-located with 10th Cloud Expo) just four months away, what better time to start introducing you in greater detail to the distinguished individuals in our incredible Speaker Faculty for the technical and strategy sessions at the conference...
Feb. 14, 2012 07:00 AM EST  Reads: 741
By Pat Romanski
Why are APIs so important in clouds? Do APIs have to be open? How fast or slow will standardization in the cloud be? Why is ensuring high availability for the cloud service critical? In his session at the 10th International Cloud Expo, Mårten Mickos, CEO of Eucalyptus Systems, will answer these questions and address cloud standards, APIs and the critical question: Will we end up with one, two or more competing cloud standards? And, how will this affect the evolution and adoption of cloud comput...
Feb. 13, 2012 02:42 PM EST  Reads: 498
By Elizabeth White
Very few trends in IT have generated as much buzz as cloud computing. In his session at the 10th International Cloud Expo, Mark Hinkle, Director, Cloud Computing Community at Citrix, will cut through the hype and quickly clarify the ontology for cloud computing. The bulk of the conversation will focus on the open source software that can be used to build compute clouds (infrastructure-as-a-service) and the complementary open source management tools that can be combined to automate the management...
Feb. 13, 2012 01:21 PM EST  Reads: 720
By Pat Romanski
The proliferation of device connectivity is redefining the functionality requirements and capabilities of many embedded systems as more and more of these devices look to leverage the “Cloud.” While many commercial software and hardware component vendors have begun to realign their value propositions to satisfy growing demand, commercial-off-the-shelf products (COTS) alone cannot meet every OEM’s needs. As a result, the Embedded Cloud has injected a new level of uncertainty and a new competitive ...
Feb. 13, 2012 11:06 AM EST  Reads: 532
By Elizabeth White
Hardware and chemistry improvements will make the $1,000 human genome a reality soon. While the massive amount of genomics data that will be generated represents a huge opportunity to advance personal medicine, it also presents an enormous big data challenge. In his session at the 10th International Cloud Expo, Dr Andreas Sundquist, CEO of DNAnexus, will discuss how the cloud will address these issues by enabling the management, storage, sharing and analysis of the world’s DNA data and how it ...
Feb. 13, 2012 09:37 AM EST  Reads: 595
By Pat Romanski
The focus of Java EE 7 is on the cloud, and specifically it aims to bring Platform-as-a-Service providers and application developers together so that portable applications can be deployed on any cloud infrastructure and reap all its benefits in terms of scalability, elasticity, multitenancy, etc. The existing specifications in the platform such as JPA, Servlets, EJB, and others will be updated to meet these requirements. Java EE 7 continues the ease of development push that characterized prior ...
Feb. 13, 2012 08:00 AM EST  Reads: 2,004
MORE »