クラウドのセキュリティの懸念について、解決するまで待つ必要は無い？小生もこれには半分同意=>

クラウドのセキュリティ懸念について一石投じた記事。

技術的にセキュリティをどのレベルまで確保できるのか、という議論ではなく、企業としてどれだけクラウドに依存する事になるのか、という観点から、クラウドの価値を評価うすべき、というコメント。

公共交通機関、特に飛行機を例に出し、航空手段を選ぶ事の利便性と危険性の両面の評価の中で航空業界が確たる存在価値を確保した、という事を説明している。 自家用車、他の公共交通機関、または自家用飛行機を乗る、という選択も在る中、スケジュールや条件をコントロールできない航空業界のソリューションを選択する、という結論に至るのは、他に最適なものが無い、と言う判断の結果から来ているもの、と結論付けている。

クラウドも同様の発展をたどる、と予測している。 今現在はクラウドはまだ市場が立ち上がったばかりで、その本質的な価値がまだよく見えていない。 しかしそれが段々と明らかになっていく過程の中で、それを止める要因として挙げられているセキュリティの課題は結果的にあまり問題視されなくなるのでは、という現時的な予測をしている。

セキュリティの懸念、いろいろ議論されているが、それが解決されるのを待つのは全く無意味である、という事を示唆しているようにも思える。

オンラインで買い物をするたびにクレジットカードを入力するが、最初は戸惑いがあったが、最近では瞬きもせず16桁の数字を入力する自分を改めて見直す機会でもある。

---

How Secure is Cloud Computing?

Right now we are still in the early days of cloud computing

By Scott Morrison

December 1, 2009 07:45 PM EST

Cloud Security Journal on Ulitzer

Technology Review has published an interview with cryptography pioneer Whitfield Diffie that is worth reading. I had the great pleasure of presenting to Whit down at the Sun campus. He is a great scientist and a gentleman.

In this interview, Diffie–who is now a visiting professor at Royal Holloway, University of London–draws an interesting analogy between cloud computing and air travel:

"Whitfield Diffie: The effect of the growing dependence on cloud computing is similar to that of our dependence on public transportation, particularly air transportation, which forces us to trust organizations over which we have no control, limits what we can transport, and subjects us to rules and schedules that wouldn't apply if we were flying our own planes. On the other hand, it is so much more economical that we don't realistically have any alternative."

Diffie makes a good point: taken as a whole, the benefits of commodity air travel are so high that it allows us to ignore the not insignificant negatives (I gripe as much as anyone when I travel, but this doesn't stop me from using the service). In the long term, will the convenience of cloud simply overwhelm the security issues?

The history of computing, of course, is a history full of such compromise. Right now we are in the early days of cloud computing, where all of us in the security community are sniping at the shortcomings of the technology, the process, the legal and regulatory issues, and anything else that appears suspect. But truthfully, this is the ultimate low hanging fruit. Identifying problems with the cloud is effortless; offering real solutions is considerably harder.

Not surprising, Diffie offers a real solution, which is to look hard at trusted platforms. In the end, convenience will sweep over us all, so it is important to quickly establish the best secure baseline we can. The secure base for cloud computing needs to become like aircraft maintenance schedules–something that is a given part of the process and an important component that allows us to reasonably invest trust in the system as a whole.

Published December 1, 2009 – Reads 387
Copyright © 2009 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

http://cloudcomputing.sys-con.com/node/1204236