The more we view the landscape in the weeks before the RSA Conference, the more we see a host of startling developments.
The latest example? According to the Wall Street Journal, it looks like the US electrical grids have been infiltrated – another dark reminder about what we face out there. That’s not all. Conficker is back in a new form. TrendLabs have this evening discovered a new variant of Downad/Conficker called WORM_DOWNAD.E spreading over the peer-to-peer functionality of the previous version of this now infamous worm.
It’s no wonder that a group of vendors are coming together to form a security alliance around cloud computing.
The trade group is called the Cloud Security Alliance. And it is launching at RSA. The group’s goal is to educate people about cloud computing security. A number of vendors are signing up to be members. They’ll be releasing a white paper at the conference.
But it’s always the users that have the real say in how a community grows. The vendors play a critical role. The good ones work with the users. They go out and do the hard work, developing standards, hammering out identity issues and authentication. They gain support by doing what needs to be done so the rest of the world gets it. They embrace openness so the entire community grows and diversifies.
We ran across this post on the IBM web site that sums up why the open way may be the best way of all.
What we find refreshing is that the author wrote this article eight years ago but the premise still rings true today. The article quotes Eric S. Raymond, author of the New Hacker’s Dictionary and “The Cathedral and the Bazaar.”
“The apparent paradox that openness about your methods leads to better security is not unique to computer software — military and diplomatic cryptographers have known for a century that it is folly to depend on the secrecy of your encoding method rather than the secrecy of your keys,” says Raymond.
According to Raymond and fellow open source supporters, open source is the only real option for secure operating systems. For one thing, closed source applications and operating systems can’t be examined and verified for secure coding. A revelation of previously secret code almost always leads to the discovery of additional flaws and security holes. In addition, closed proprietary code makes it difficult to distribute trustworthy fixes when a hole or mistake is revealed….
Just take the April 2000 event that had webmasters and systems administrators shaking in their shoes. After four years it was discovered that Microsoft programmers had inserted a back door in their popular FrontPage Web server software. It was the very fact that the software code was “concealed” in opaque binary form that kept this security breach unknown to the public for so long.
How will the Cloud Security Alliance prevent such abuse from happening? We hope they will take a cue from folks like Sam Johnston.
Johnston is leading an effort for the “Open Cloud.” Vendors who use the Open Cloud mark would be committed to an open framework. From his letter, which he published Monday on his blog:
Cloud computing users will soon be able to rest assured that offerings bearing the “Open Cloud” brand are indeed “open” in that critical freedoms (such as the right to access one’s own data in an open format via an open interface) are strongly protected. It will also ensure a level playing field for all vendors while keeping the barriers to enter the marketplace low. Offerings also bearing the “Open Source” mark will have additional freedoms relating to the use, modification and distribution of the underlying software itself.
Openness. Isn’t that the best way to build trust?