Should Cloud Computing Be Called Swamp Computing?

cloud computing/swamp computingDavid Talbot at Technology Review published an article recently entitled, “Security in the Ether“. The author writes that the efficiencies of cloud computing are also its weaknesses. Users’ access to all of the bells and whistles a cloud offers could also enable them to attack a specific target, once they were able to get onto the same host. Researchers at UCSD and MIT performed this exact attack inside Amazon’s cloud.

Major companies use cloud computing, such as the New York Times and Pfizer, so the lack of security is no small issue. Other companies do not want to put their sensitive data into the cloud, because employees and managers are afraid employees and managers of the cloud providers may exploit the data, or else it may not still be available, as promised, in 5 or 10 years. The scale of cloud computing means that any problem, such as bit corruption, can shut down the network for hours, or possibly days until it is corrected. Encryption is the key to providing security, but it is very hard to search, retrieve, or perform calculations on encrypted data.

This past year, Craig Gentry at IBM’s Watson Research Center developed a solution that provides an “ideal lattice” for performing calculations on encrypted data. However, the process is impractical for cloud computing right now, as it take up large amounts of computational power. Other researchers are working on improving the algorithm to improve compute efficiency. Not surprisingly, there’s money to be made in them thar’ hills if the encryption problem is solved, especially with regards to medical records and banking.

In the meantime, something as simple as the definition of a cloud has yet to be agreed upon. NIST committee members are on their 15th draft of the document that defines cloud computing. Defining “cloud computing” will go a long way to aiding the security of data, as this will mean that any of the cloud’s unique security concerns may be isolated and defined. This ought to lead to the development of standards for both security and interoperability.

Please let me know what you think....