Thursday 8 March 2012

the BIG® black cloud™

So the next buzzword in the IT market is "BIG DATA". I am told this is not to be confused with Data-warehouse as this is even bigger. The trouble is that I find the source of the big data chatter to be quite disturbing. Cloud service providers like Amazon appear to be using this term to scare the market into the cloud where 'we' do not have to think about 'big data'... So there it is, the cloud is where others can manage more than just 'analytics' about all of said 'big data'.

But to whose advantage?

I already have my concerns over the way service providers reserve the right to change their privacy policies and that they generally do so in ways that are not to the user's benefit. So in the end, after a company has moved BIG DATA into THE CLOUD where they no longer have any control of it, corporate data could become a commodity for share and trade with advertisers and used to generate more money for a service provider that your company has presumably paid to manage your data for you. Of course they will probably offer some time period in which you could cancel your services contract and take your slice of big data back, but it will most likely be a shorter time period than it would take for your company to hire IT people qualified to handle the job, because you no longer have an IT department (my last post provides more details on this).

All I see in all of this hype of clouds and big data is an effort to consolidate intellectual property and trade secrets into fewer hands in much the same way as every other industry has already been doing for years. Think about it for a second, how did 'too big to fail' banks become so large? Mergers and acquisitions. When Microsoft or even Apple sees a market direction they want to approach, they tend to buy a company in that market and bring them into the fold as a new division. Big fish eat small fish.

The marketing for these 'services' is always being directed to small and medium sized businesses and is sold with the guise of 'allowing smaller companies to focus on their core market' while 'liberating resources (aka money) spent on: data & systems management, hardware, network complexities, servers, and anything else the IT department is in charge of'. Nobody is mentioning why they want to own your data for you... They just attempt to scare you with words that they have created... Oooh! Big Data. Maybe I am just biased since they want my salary, and will leave me without one in the end, but I still feel there is more than just me at stake.

There is another problem in the whole equation: security. You see, in *my* network, there might even be some data that competitors could find valuable, but, we aren't their only competitor. We also have very few inroads on our network, which, in IT terms, are known as 'attack surfaces', and we are gearing towards closing those as well. Soon, our network will be invisible to all but spyware and virus attacks, but the cloud cannot become invisible otherwise all that big data would be inaccessible to the customers who think they own it... That leaves a large attack surface completely open, and is multiplied by the number of idiot users in your company who find the only password they'll ever remember is '12345'...

Add to that the fact that this cloud contains big data from many other companies and it suddenly becomes a much more attractive target. Web applications are very near to impossible to lock down completely, even simple ones like online voting can be completely hacked... Not only did hackers add and elect Futurama's "Bender" to the Washington DC School Board, but they were able to monitor IT staff after gaining access to internal web cams, reprogram the Cisco switches, block other attacks they detected originating from somewhere in the Persian Gulf, and if they had been the malicious hacker types they could have downloaded all kinds of data and caused much more havoc while they had full access (full report here). That was just a voting system for a school board, imagine how much more attractive the target is when it has financial records, credit card numbers, and corporate trade secrets from many companies all contained in the same place.

While it may be true that the cloud providers and big data collectors have much more security knowledge and experience than a school board does, Windows, Chrome, OSX, Firefox, Safari, Internet Explorer, Acrobat, Flash, MySQL, Oracle, MSSQL, Java, PHP, ASP, C#, C++, and just about anything else I could name all get patched for security holes on a fairly routine schedule because security holes are routinely found in just about every piece of code ever written. These holes aren't always exploited, but 'not always' is a larger number than 'never' leaving it to chance.

The cloud will start to be a more attractive target than Windows has been once Windows is relegated to accessing the internet to use our cloud-stored data. With that, the attacks on the database software (SQL, NoSQL, Oracle, et al), and other 'code injection' attacks will become daily occurrences. Once the back-end database of a cloud services provider is breached, a treasure trove of all kinds of goodies awaits. You think WikiLeaks has some incredible ammo now? Just you wait...

It gets even worse after exploit code has been released because then the workload can be distributed to any and all 'script-kiddies', who could technically be anybody with slightly above basic-level computing knowledge. And I have not even mentioned downtime due to DDoS attacks yet...

Want to take out a competitor? DDoS their cloud provider. Simple, inexpensive, almost point and click attacks which are close to impossible to trace back to the true originator... Much easier than a hostile takeover...

International laws are another big issue that I have not mentioned yet, but it becomes truly muddy territory while the internet is not its own country with its own uniformly applied rules applicable to any and every country and company that would like to use it... Not that I think the Internet Declaration of Independence will ever be ratified, but it's nice to dream.

I still feel like this topic is completely unfinished, and missing an entire chapter, but I have to go back to managing my 'non-cloud-less-than-big-data'.

-DIrtyKID©


