cloud computing


Here are the background notes and further reading for my presentation at the Saasu Cloud Conference on 11 May 2012, “Security and the Cloud: Hype versus Reality”.

This presentation was a quick run-through of what I think have been the most important themes from the past 12 to 18 months.

About two-thirds of what I write touches upon information security, cybercrime, cyberwar, or privacy and transparency issues.

If you’d like the full firehose of information, please stay in touch via my list of written articles, the compilation of my media work in my Weekly Wrap posts and — if you don’t mind seeing my less-presentable public face as well as my serious work — my high-volume Twitter feed.

If you have any questions or comments, do please add them below. I’ll generally respond within 48 hours.

Things are very scary…

2011 was billed as the year of the hacker, and the year of the hacktivist. And yes, it was bad.

Hackers working under the Anonymous brand compromised Sony’s PlayStation network, costing the company $170 million.

Anonymous also hacked Stratfor, a US private intelligence analysis firm, stealing their 10-year archive of confidential emails and apparently handing them to WikiLeaks.

Anonymous splinter group LulzSec hacked into Rupert Murdoch’s News International, including UK newspaper The Sun — although it seems that most of LulzSec has since been arrested when their leader was turned and became an FBI informant.

Random hackers even defaced a Tasmanian government website. How very dare they.

Mid-year, McAfee told us about Operation Shady RAT, a five-year program by an unnamed nation state that had infiltrated dozens of organisations around the world. Most of them didn’t even know they were hacked.

We heard how the Stuxnet worm attacked Iran’s nuclear program — although the attack itself took place the previous year — leading to claims that 2012 would be the year of cyberwar. Atomic explosions illustrated the cover of books like Cyberdeterrence and Cyberwar by Martin C Libicki.

… but we don’t really know

Despite all the hype, we have no reliable figures on the extent of the problem.

Online crime is under-reported and under-researched. Plenty of people have called for mandatory reporting of cybercrime, including the chief technology officer of AVG and Detective Superintendent Brian Hay of the Queensland Police. Me too.

Major security companies avoid telling us the facts and continually promote dubious statistics.

McAfee’s claims about Shady RAT were mostly hand-waving, quite probably exaggeration.

Sophos reckons this focus on high-profile attacks distracts us from the real threats.

The report on Cyber Storm III, the latest in a series of five-nation cybersecurity exercises, told us nothing.

“The exercise provided insight into key decision making processes within government, business and industry. These insights could not have been achieved without processes being tested in an exercise,” the report reveals. Gaps were identified. Improvements made. Relationships built.

Introducing the hacker

Jasmine Singh Cheema, aka Pherk, aka Zero Cool, is a typical hacker and the most likely threat you’ll face.

Cheema did $1.5 million of damage to his employer’s competitors in 2005 in exchange for a few sneakers and a watch. His story is told in Tracking Cybercrooks: the tools feds use and Hacker’s Delight.

The story of the December 2011 extortion attempt against Sulieman Ravell’s financial advisory business is told in the Manly Daily, and I spoke with him at length in a subsequent Patch Monday podcast.

Israeli researcher Tal Be’ery has monitored Anonymous and LulzSec. He reckons Anonymous hacktivists prefer penetration, but choose targets of opportunity. I spoke with him for the Patch Monday podcast too, Removing the anonymity from Anonymous.

Most cybercriminals are stupid, but there’s a lot of them and the tools are cheap and easy to obtain. Your paper boy might hack your home network because you didn’t tip him.

The Cloud changes none of this…

… except for the complexity and your ability to understand what’s going on.

Most of the recent surveys have shown that when it comes to cloud computing, security is the number one concern. And every time I’ve looked at this in detail, the message from the information security experts has been “get a lawyer”.

That goes double in government circles.

Legal complexities make it difficult to use public cloud computing, according to Raimund Genes, Trend Micro’s chief technology officer. Unless you’re a criminal, that is.

“Public cloud for me is not really a security challenge. It is a change in the way we operate with data. It doesn’t decrease security. It increases complexity, and that’s a problem,” he told the company’s Canberra Cloud Security Conference.

“The cloud, from a legal point of view, will keep our internal lawyers and everybody else busy for the next fifty, one hundred years,” he said.

Hybrid clouds will probably be the answer, balancing the low price of public clouds for less critical data with the increased ability to monitor private clouds for more critical data.

Mobile devices are changing everything — especially on the Android operating system, which could end up being a simmering security shemozzle.

You don’t know who your Friends of Friends are

The internet connects every computer directly with every other computer. That’s not new.

What is new is that we’re publishing more information about ourselves than ever before. And while we might think we’re sharing that information with our friends, or friends of friends — those terms are highly misleading.

We might think of friends-of-friends as someone we’d let a friend bring to dinner. But research by Sophos shows that half of the time people will automatically friend someone on Facebook, even if they know nothing about them. Friends of those friends could be literally anyone.

We don’t even know who our enemies are either. After all, anyone can call themselves Anonymous.

DSD has some great advice

According to the Defence Signals Directorate, the agency responsible for the protection of Australian government and military networks, four simple strategies can prevent 85% of targeted intrusions.

DSD has published the full list of the top 35 mitigation strategies.

This work won DSD the US Cybersecurity Innovation Award for 2001.

Evgeny (“Eugene”) Aseev, head of Kaspersky’s China antivirus lab, has his own list of 18 infosec fails that let crims win.

This time we’re all in the front line

John Lawler, chief executive officer of the Australian Crime Commission (ACC), reckons we all need to harden up.

“There will always be exceptions — high-profile cases and particularly unique cases — where prosecution will be attempted,” he said, “where for deterrent purposes you’ll put a head on a stake somewhere, and I’m an advocate of that — not literally — where that becomes important for community confidence.” …

“I think it is absolutely essential for governments, for businesses, for the individual, to have the proper controls in place to prevent, or to harden the environment against, the cyber attack.”

Organisations must have audit controls, for example, particularly for digital information, and robust governance. They must understand security risks in their full complexity, both technical and human factors.

“That message hasn’t, I think, permeated — certainly in business — to the extent and level it needs to,” Lawler said.

And we need to make sure our data is encrypted, especially on portable media.

The problem is, it’s human nature to put security last.

Businesses need to start taking this more seriously. I’ve called for there to be less pep talk, more stick, and I reckon negligent data breaches should become a criminal offence. I’m not alone.

Coda

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Australia License.

The non-commercial and share-alike conditions are required to adhere to the licensing of the imagery used. Please contact me if you require an alternative version. As a minimum, attribution should read: “Source: Stilgherrian.” Online versions must link the word Stilgherrian to the website at stilgherrian.com.

[Image credits: Cows by Emmett Tullos III, used under a Creative Commons Attribution license (CC BY); photo of Jasmine Singh Cheema supplied by FBI via PCWorld Communications Inc; Clouds by Jerry Pierce (Flickr/Uncle Jerry) CC BY-NC-SA; Social graph image by Jim Bumgardner (Flickr/krazydad) CC BY-NC-SA; “Loose Tweets Sink Fleets” by Brian Lane Winfield Moore CC BY-NC-SA; “This time we are all in the front line” by Phil Bradley CC BY-NC-SA.]

Thursday’s ZDNet Live panel discussion went rather well — even if it was another goddam thing about the cloud — and the video is posted below.

The topic was “Bringing the Cloud Down to Earth”, and the panellists were (left to right after me) Greg Stone, chief technology officer at Microsoft Australia; Zack Levy, chief commercial officer of Bluefire; Vito Forte, chief information officer at great big evil mining company Fortescue Metals Group; and moderator Brian Haverty, editorial director, ZDNet Australia.

If the embedded video isn’t working properly, or if you’d like a slightly bigger version, click through to ZDNet Australia.

More comments will doubtless appear over there too. With luck some of them will be a little bit more insightful than the childish “Microsoft bad, Linux good” platform zealotry of the first one, from jonalinux.

Cloud computing using Microsoft… you’re joking, right? I guess it might be reliable if they double the amount of machines compared to Linux.

I recall when Microsoft bought Hotmail and switched over. It crashed immediately and in order to cope with the load, Microsoft had to double the amount of machines.

“When Microsoft bought Hotmail”? That was 1997. I reckon that if you’re going to have a go at someone’s technology in a grown-up conversation then your example should be just that little more recent than 14 years ago.

And was that even true?

Sure, as Microsoft initially replaced FreeBSD and Solaris (not Linux, note, so we have further evidence of jonalinux being an arsehat), Windows servers proved unable to handle the same level of traffic so the plan was delayed. But “switched over” and “crashed immediately” strikes me as complete bullshit — if for no other reason than that’s not how you manage a large-scale transition.

Yes, reliability problems plagued Hotmail a decade ago. When it had 30 or 50 million users and ran on Windows 2000. Today it has ten times the user base and technology ten years down the track. Decade-old misinformation from a zealot is such a waste of space. I’m sorry I even copy-and-pasted it in now.

[Update 0945: Added text of jonalinux's comment and my response.]

Watch out! I’m on the panel for the ZDNet Live event Bringing the Cloud Down to Earth on 1 December.

There are so many types of cloud out there and so many steps along the way. Are you setting out on the right path to the cloud for your organisation’s needs? In an upcoming live panel discussion, to be broadcast right here on ZDNet Australia, we look at the criteria you should be looking at.

Other panellists are: Zack Levy, chief commercial officer, Bluefire; James Turner, IBRS analyst (and ratbag); Greg Stone, Microsoft CTO; and moderator Brian Haverty, editorial director, ZDNet Australia.

Click through for the details. I couldn’t be arsed even copy and pasting them.

I’m off to Canberra again on 22 November for Trend Micro’s half-day Canberra Cloud Security Conference on 23 November, which I’m covering for CSO Online.

I’m actually a bit skeptical about the worth of this event. Some of the language on Trend Micro’s promotional material does not fill me with confidence.

This C-level gathering will bring together stakeholders across government, while offering a dedicated platform that weighs the pros and cons of the journey to the cloud… This event will offer a unique format for leading security specialists and business leaders in Federal Government to exchange ideas, gain valuable knowledge, and share their real-world risk management experiences.

What’s so goddam “dedicated” and “unique” about a bunch of people listening to a few blokes talking, followed by a panel discussion? Arsehats.

A weekly summary of what I’ve been doing elsewhere on the internets — finally posted on Sunday like it’s meant to be.

On a personal note, it was great to finally get the dental work done so that my jaw is no longer infected. Now, to wait for my shoulder to heal…

Podcasts

  • Patch Monday episode 111, “Cybercrime 2016: a view of the future”. Recorded in Las Vegas, it’s mainly Michael Fey’s view of 2016. He’s McAfee’s worldwide senior vice president of advanced technologies and field engineering. Also, an explanation of how advanced persistent threats are a three-stage attack, and a chat with the bloke who taught me how to create malware and construct botnets in just one hour.

Articles

I wrote another two stories apart from these, one for CSO and one for ZDNet Australia, but they won’t be published until Monday.

Media Appearances

Corporate Largesse

  • On Tuesday I covered the ISACA conference in Sydney, so of course I got free food and drink.
  • On Friday I went to the launch of Intel’s Ultrabook standard for laptops at BAR100, The Rocks in Sydney, so naturally there was more free food and drink. They also gave me an Air-Tech Turbo Blimp radio-controlled indoor airship, which I gave away — to someone who then discovered that the blimp itself wasn’t in the box.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream. The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: A mysterious oval-shaped object in the desert somewhere between Las Vegas and Los Angeles. This might be in Death Valley, but more likely somewhere else. I wasn't paying much attention until I saw this. Any idea what it is? You can click to embiggen. Oh, and yes this photo was taken last week, not this week, but I'm sure you can live with that.]

A weekly summary of what I’ve been doing elsewhere on the internets, two days late and without a picture. After the intensity of the previous three weeks, I’d predicted a slow-down, and here it is. I was simply exhausted last week, and spent a couple of days staring at the eucalypts from Rosella Cottage.

Last week also marked six months since I moved from Enmore. Living at Bunjaree Cottages was originally intended to be a temporary measure, or so I thought. I’ve ended up settling into the routine quite well, though I’ve found it impossible to save money for moving house. That said, I’m really not sure where I want to live now. But that’s a story for another time. Maybe later today.

Podcasts

  • Patch Monday episode 99, “When apps go wild: beyond the SOE”. Dr Paul Ashley from IBM’s Gold Coast Security Development Laboratory talks about their new technology that sniffs packets to identify applications, and Neil Readshaw, cloud security lead architect with IBM Global Services, talks about, erm, cloud security.

Articles

Media Appearances

  • On Thursday I appeared with Paul Wallbank on Phil Dobbie’s BTalk podcast, an episode called Google Plus, Inside Out. I got to spout my anti-Google stuff again.
  • Also on Thursday, I made a small appearance on Phil Dobbie’s Twisted Wire podcast. The episode was called The battle for mobile dominance, and if I remember correctly I gave some sort of opinion about Apple iOS versus Android versus Nokia.

Corporate Largesse

None. What is going on here?


Businesses have lost control of the applications their employees are running in a process that’s been dubbed the consumerisation of the enterprise.

They use web-based tools like Facebook and Twitter and YouTube at home, they download any software they think will improve their lot, and expect to be able to do the same at work. Locking them into a standard operating environment (SOE) cramps their style.

At IBM’s Pulse 2011 event in Melbourne last week, which I attended as their guest, I spoke with Dr Paul Ashley, engineering manager at IBM’s Gold Coast Security Development Laboratory. He reckons the days of the SOE are pretty much over. His team has been working on tools that can identify the applications users are running and spot any problems by looking at the network traffic they generate.

For this week’s Patch Monday podcast I also spoke with Neil Readshaw, cloud security lead architect with IBM Global Services. He says that over the last year or so, people started to understand the differences between public clouds, private clouds and hybrids, and what those differences can mean for security.

You can listen below. But it’s probably better for my stats if you listen at ZDNet Australia or subscribe to the RSS feed or subscribe in iTunes.

Please let me know what you think. Comments below. We accept audio comments too. Either Skype to stilgherrian or phone Sydney +61 2 8011 3733.

I’m heading to Melbourne this week to cover IBM’s Pulse 11 for ZDNet Australia. The event runs 27 to 28 July at the Crown Promenade, although I’ll be flying down late Tuesday afternoon and returning on Friday.

“Pulse is your premier event for accessing the solutions and expertise that can help your organisation transform the way it designs, delivers and manages business services,” says the promo material in a sentence remarkably free of concrete nouns. About eight pars in you’ll discover that it’s about things like managing cloud services and making sure your IT systems are secure and compliant with regulations.

I simply do not understand this corporate aversion to being specific.

It’s my first trip to Melbourne in about five years, so I’m looking forward to it. I’ll have a little free time on Thursday afternoon and evening, so do feel free to make suggestions.

I’m attending Pulse 11 as a guest of IBM.

A weekly summary of what I’ve been doing elsewhere on the internets. While Sydney dealt with its wettest July since 1950, I was at the Bunjaree Cottages in Wentworth Falls, writing and writing and writing and writing. And talking on the radio.

“Make hay while the sun shines,” goes the old saying. But for a writer, it’s about making paragraphs while the rain pours. Being stuck indoors with a magnificent view really helps.

Podcasts

Articles

Media Appearances

Corporate Largesse

None. But there’ll be plenty next week. I’ll tell you more about that later this morning.


[Photo: Potholes on Frenchmans Road, Wentworth Falls, photographed on 20 July 2011. This is a slightly modified version, here's the original.]

The cloud has levelled the playing field for business, says Amazon’s chief technology officer Dr Werner Vogels. Ten years ago, a start-up needed $5 million. Now, Vogels says, it’s “just $50,000 and a coffee shop around the corner”.

Vogels was in Sydney last week for a promotional event for the cloud-based Amazon Web Services (AWS). In a wide-ranging interview for this week’s Patch Monday podcast he discussed the cloud from both a business and a technical perspective, and responded to reports that Amazon may soon open an Australian datacentre and that the Sony PlayStation Network hack was launched from AWS servers.


There is a slight audio problem for the first few minutes of the interview, but it’s worth persisting.

(The conference room tables were rubbing against each other as Vogels moved his hands, elbows on table. It wasn’t very noticeable in the room, but the sound was transmitted mechanically up into the recorder via the tripod it was sitting on. I did notice after a few minutes and fixed things, so you won’t have to endure it for long.)

