Mobile Cloud Computing: Issues and Risks from a Security Privacy Perspective: An analysis and a survey for my talk at secure cloud conference


Hello all

I am presenting a paper/speaking at the secure cloud conference on ‘Mobile Cloud Computing: Issues and Risks from a Security Privacy Perspective’.

This event has some very interesting co-speakers including ENISA, US Federal Trade Commission, eBay, Qualys, European Commission, BT Innovation, Fujitsu, Verizon, NIST. So, it should be a good event.

I have covered mobile cloud computing before on this blog and I have some views on it as you know.

However, I seek some feedback through this brief survey. The survey is subjective and you may answer any questions as you feel relevant. Of course, all responses are anonymous and, in return for your feedback, I will send you a copy of my presentation. You can email me your responses at ajit.jaokar at futuretext.com. The survey is designed to be informative, i.e. I hope you will learn from it. There is also a significant discussion on Identity and Cloud, as you can see in the last question below.

For the sake of simplicity and to prevent being bogged down by definitions, I consider cloud computing as below:

Cloud computing entails the availability of software, processing power and storage on an ‘as needed’ basis. Cloud computing reduces CAPEX investment. Its key characteristics include agility, reduced cost, device independence, reliability (multiple redundant sites), scalability, security and reduced maintenance. Cloud computing applications can be broadly divided into:

Infrastructure-as-a-Service (IaaS): e.g. Amazon Web Services, which provides virtual servers with unique IP addresses and blocks of storage on demand;

Platform-as-a-Service (PaaS): e.g. Google Apps, a set of software and development tools hosted on the provider’s servers;

and

Software-as-a-Service (SaaS): e.g. web based email, in which the provider allows the customer only to use its applications.

Mobile cloud computing could be defined as the availability of cloud computing services in a mobile ecosystem. This incorporates many elements including consumer, enterprise, femtocells, transcoding, end to end security, home gateways and mobile broadband enabled services. Also, since the terms ‘mobile’ and ‘wireless’ are used interchangeably, I consider mobile to mean ‘anywhere anytime’ and wireless to mean ‘without wires’. Thus mobile is ‘wireless’. Hence, we are talking of ‘Anywhere anytime secure data access’ when we speak of Mobile Cloud Computing.

To set the stage:

Enisa has an excellent paper on Cloud computing which you can read HERE

The recent RSA conference had some interesting developments:

White House Cybersecurity Plan Revealed: 12 point comprehensive national cyber security initiative

The Trusted Cloud computing initiative continues to evolve

Identity is an important part of Cloud computing (both web and mobile), as we see in the last question below

So, within the context above, my questions are:

a) Is ‘mobile cloud computing’ a distinct domain in itself? Or is it more about ‘Web Cloud providers going mobile’?

b) Do mobile providers have any advantages over web providers (like Amazon)?

c) What are the key issues and key advantages for mobile cloud computing?

d) Will mobile cloud computing be about privacy in addition to security?

e) What are the biggest privacy and security threats to mobile cloud computing?

g) Will providers use Mobile Cloud computing to ask payment for granular features (like access to voicemail), aka the Ryanair business model for Cloud computing!

h) Will enterprises be the key drivers for Mobile Cloud Computing?

i) Mobile Cloud computing can be implemented at many levels in the Telecoms stack: The Device/Platform, the Operator; The Mobile Web; Infrastructure; SIM. Any more potential ways in which mobile cloud computing can be implemented? And what are the pros and cons of the approaches?

j) Which applications would be most likely to benefit from Mobile Cloud Computing?

k) Would PCs/Sub netbooks and other ‘non phone’ devices covered by Mobile broadband be impacted by this trend and if so, how?

l) Many providers use ‘data backup’ as a stepping stone to cloud services. Will these services evolve beyond ‘data backup’, i.e. for instance, will customers trust their backup providers with personalized information, leading to other services?

j) How important is end to end security for Cloud computing?

k) How important is the management of the client on diverse devices for end to end cloud security?

l) Is the Mobile Web a good client for Cloud computing?

m) Will emerging markets adopt Cloud computing services?

n) Will low spec devices (ex feature phones) benefit from ‘thin client’ cloud computing services?

o) Identity and the Cloud …

This is a big development, again covered a lot at the recent RSA conference.

I seek your views on how important Identity is to the entire Cloud / Mobile Cloud debate.

One could say that: Identity is the security glue for the cloud

and further with the idea of No Passwords in the Cloud as discussed in Patrick Harding’s presentation (you can download the slides HERE – pdf)

At the RSA conference, Patrick Harding of Ping Identity spoke about what his company has learned about cloud computing in his session, “How the Cloud is Changing Federated Identity Requirements”.

A few of his observations:

1) Software is no longer build vs. buy. It now includes subscribe, which by definition is a shorter term relationship.

2) Cloud computing is an evolution of architecture. It arrives after Web services, which evolved from Web, client server, and mainframe.

3) Complexity of the identity layer is harder than ever for the simple reason that there are more apps per user than ever before.

4) Services are becoming any-to-any, where internal (employee) and external (customer) classifications don’t matter nearly as much as before. Because of this firewalls are losing their usefulness.

5) Audit is no longer an afterthought. Auditors don’t care how or where applications are hosted, but they do need their reports! This includes Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, and more.

I agree with this overall mindset that Identity will be a key player in both Web and Mobile Cloud computing.

I also covered the same issue in a previous blog: Solving the minimum disclosure problem: The significance of Claims based Identity system

So, my question is: Do you agree with the above analysis of the role of Identity in Web and Mobile Cloud computing?

I welcome any ideas/thoughts on the above.

You can email me your responses at ajit.jaokar at futuretext.com. All responses are confidential and I will email you a copy of my presentation as thanks.

Comments

  1. Ajith says:

    I am just trying to get Cisco certification and was very on getting information on cloud computing. I found your articles extremely informative and they have given me some insights. Thank you very much.
    Regards
    Ajith

  2. Mhunter says:

    As computing takes a step forward to cloud computing, security should not move backward. Users certainly should not accept moving backwards in terms of security. Going forward, computing technology and security must both advance together. That’s why first of all we all should educate ourselves about cloud security to be well prepared for the new world of the cloud.

  3. Well Cloud Computing has many benefits. As the organizing principles underlying today’s datacenter, have actually outlived their utility and that a new paradigm is emerging.
    Not to forget that there are specific pain points within the underlying IT infrastructure for which we often could not devote time to formulate long term solutions. Most of the challenges that the current data centers are facing include:
    — Ballooning labor costs
    — Sky-high energy consumption
    — Growing Demands from users
    — Chaotic data silos
    — Exponential growth in data volume
    The hidden cost in responding to these pain points is business innovation and at this point the role of cloud computing becomes important.

  4. labatterie says:

    As computing takes a step forward to cloud computing, security should not move backward. Users certainly should not accept moving backwards in terms of security.