Wednesday, April 25, 2012

Beware "The Cloud"


Today everyone seems enamored of "The Cloud."  Don Adams of Tibco recently blogged about this at when he had the audacity to say that there is a possibility that "The Cloud" is not secure.  THANK YOU, DON!!  This is what I have been saying for six months now!  I don't want my software running on YOUR servers somewhere (who knows where?) and controlled by (who knows who?) and subject to backups (what and when) and subject to security attacks of all kinds. 

Sorry - I don't want to have to go to your company to inspect every month and examine all of your security and backup procedures when I'm already doing that very same thing for my own servers.  Why not just do this ONCE at my own place of business and not have to worry about YOUR security, YOUR network lag, YOUR performance problems when your other customers are crunching up the CPU time that I need for my customers.  Nope, I want MY software on MY machines where I can control everything myself.

Any bank, insurance company, stock brokerage or other financial firm that allows their software to reside and have their data to travel across "The Cloud" is insane.  Keep your data and software at home under your own control.  If some miscreant breaks in (meaning you were using Windoze rather than Unix servers) then you are at fault, not the company managing "The Cloud" software. 

Besides, real data security never allows itself on the internet in the first place, right?  Of course, right!!  You would keep your data and access off the internet and run them securely only within a tight, on-site environment.  Difficult?  Darned right it is!  But it's the only way to be 100% secure and 100% sure that there are no outside hackers.  Inside hackers?  Well, that's another problem for another article at another date.  :-)



woolfel said...

Business are using the cloud, but a lot of it is for data that is not sensitive. Businesses that have strict security requirements tend to go with a private cloud. One example is the military uses VMWare to spin up instances when the load demands it. Since military applications have crazy security requirements, they have their own private could.

Tibco hype is the usual business hype. Every business does it, even if it's silly and non-sensical.

James Owen said...

@Peter: True... but Why? Even a "Private Cloud" (Military?) is still asking for trouble. If you believe even 10% of what TV shows would have you believe (when they are still using 19" CRT displays) then cracking an internet message IP source and destination is a piece of cake/pie.

20/20 did a piece one night on this where a guy drove down Wall Street and cracked bank after bank after bank with a laptop and it took him, at most, five minutes with some and at best one minute or less with most. That alone was enough to convince me that I didn't want wireless anywhere near my place of business and I have absolutely NOTHING of value to anyone. I just don't believe in wireless when you don't need it. EMail, blogs and such have to be internet. My real stuff is separate on a machine that is NOT connected to the internal network that is connected to the external internet. Paranoia? You're not paranoid if they really are out to get you. :-)


woolfel said...

The reason for a private cloud is elasticity. If you have a bunch of big Dell server with multiple 4/8 core CPU, you want to make sure the resources are used efficiently. Sometimes a particular job requires a lot of resources and other times it doesn't. Using VM images makes it easier to spin up new instances to handle the workload and shut it down when the job is done.
One reason businesses use public clouds for non-sensitive data is cost and time. Many companies can't afford to pay Level3 for 100 full racks, and the resources to manage them. Even if a company can afford it, do you really want to buy and maintain 1000 nodes just to handle a sudden spike in load during the holiday?
Security is always a pain and it's always in favor of attackers. I know from my college days just how easy it is to hack/attach a network. That is a different problem than whether or not a business should use a cloud. I'm using rackspace and EC2 these days to host demo apps. It is considerably cheaper than buying 40 servers and hiring a fulltime unit admin to maintain them.