copyright notice
link to the published version: IEEE Computer, October, 2014

accesses since September 26, 2014

Why Clouds Give Me a Case of the Vapors

Hal Berghel


Recently, Apple admitted that personally revealing photos of celebrities were released on the Internet due to security breaches associated with the use of Apple's iCloud and Find my iPhone systems. Apparently Jennifer Lawrence and Kate Upton missed my Computer column last January.

Let's analyze this recent event d'interest. According to Apple “…certain celebrity accounts were compromised by a very targeted attack on user names, passwords, and security questions…”( ), Color me dazed and confused! Hacking in cyberspace? Nothing like that has ever happened before. (I've got another heads-up for you iPhone users – Siri talks about you behind your back! I'm just sayin'.)

I know that in my personal life I build trusted relationships one tax-avoiding, jurisdiction-shopping multinational corporation at a time. Show me a company that engages in labor arbitraging to offshore production to third-world countries that pay starvation wages ( ), avoids taxes through shadow companies in Ireland (Apple Operations International), and that that reap real profits from the United States only to pay virtual taxes in invisible jurisdictions ( ) (what the New York Times calls the ‘Double Irish with a Dutch Sandwich') ( ) and I'll show you a company that deserves my full faith and confidence. Passwords? Crypto keys? Security questions? Not needed, oh corporate giants. Have your digital way with me.


According to popular lore, the concept of cloud computing dates back to the turn of the new millennium when Amazon sought to capitalize on unused cycles during non-peak usage periods. MIT Technology Review traces the actual term ‘cloud computing' back to 1996 when a few Compaq Computer employees decided to describe the business opportunities that existed for moving business applications and data to the Web ( ). Big data for them justified the sobriquet “cloud computing-enabled applications.” The “cloud” became the metaphor for the Internet. “Sump” might have been a better metaphor. But I digress.

But the concept actually dates back much farther as Simson Garfinkel explained in an October, 2011 issue of MIT Technology Review ( ). According to Garfinkel, MIT Professor John McCarthy thought of the organization of computing and networking resources as public utilities in a global resource-sharing environment in 1961. In turn, even McCarthy's vision may be traced back to Vannevar Bush's notion of memory extender (MEMEX) that he described in his Atlantic Monthly article ‘As We May Think' in 1945 ( ). The analog analogue of the cloud traces back to antiquity. The concept behind a sharable public data repository dates back as far as the earliest libraries. What the current generation has added to the concept is a digital structure ensconced in a modern business model.


I prefer to look at these digital repositories as digital vaults, crypts and ossuaries distinguished by content, purpose, and access. A generic online repository with real time access is a digital vault. Digital crypts, as the name implies, are final resting grounds for data – think cyber-catacomb. Digital ossuaries occupy the middle ground of online storage for archival purposes. These distinctions become important because they call for different business plans and security models. Failure to appreciate these distinctions is a cause of the recent discomfort felt by Mss. Lawrence and Upton.

Let's deal with digital crypts first. Digital crypts are millennial's catacombs for inorganics. Like their namesakes under Paris and Rome, they collect objects that are likely retained for archeological, forensic, or regulatory purposes. In our modern digital world, crypts serve libraries, governments, business and industry as backups and for compliance. In the normal course of events they may rest quietly and undisturbed for long periods, have little currency, and may be stored offline in minimum security settings when required. Old salt mines and deprecated missile emplacements would be good candidates for locations of digital crypts (and old celluloid film stock, for that matter). Hacks, malware, scams, phishing, and their cousins aren't big threats to crypts. This lowers the cost of storage and simplifies the business model.

Next up the food chain are digital ossuaries. These serve as archives as well, but must be online to be of maximal use. Examples would be medical and accounting records, transaction histories, and the like. Repositories of entities covered by the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX) and the Gramm-Leach-Bliley Act (GLB) would certainly qualify as ossuaries. I specifically mention HIPAA, SOX, and GLB because of their requirements for privacy and security controls. In this way, the ossuary adds online and security-privacy requirements over and above the needs of crypts. This business plan requires a sophisticated network storage and infrastructure augmented with a carefully thought through information security policy plan and implementation. Ossuaries may live quite comfortably on a proprietary local area network. In fact that might be optimal in many cases.

Finally, we move to digital vaults – what most people associate with “the cloud” these days. Here everything is accessible in milliseconds from the Internet. It contains everything that customers choose to store there from proprietary and classified information to Jennifer and Kate's selfies. Because of this ad hoc inter-mixture of data, it's not always clear what an optimal business and security-privacy might look like. Therein lies the rub. Needless to say, digital vaults are to be found in dangerous network neighborhoods where denizens of digital derring-do may lurk behind every cloudlet. Think of this as the fog of war - cyber mode.

My use of the vault metaphor serves to call attention to the absence of the standard safeguards normally associated with the physical counterpart. When we store things in our safety deposit boxes or bank faults or home safes, we experience the look-and-feel of the physical security measures taken to safeguard our possessions. How would you feel if you exchanged your briefcase full of family heirlooms for a mere promise of safekeeping from an unknown bank teller? For most of us that would be as unwelcome as flatulence in a space suit. We want to physically and personally verify the safety of the custodial transfer of our possessions by personally placing the goodies in a safety deposit box or witnessing the placement in a vault by an officer of the bank. That is what's missing from modern cloud services. Overconfidence is the default state for internet-based digital storage. We wouldn't accept unverifiable promises from our banks, and we probably shouldn't accept it from our cloud services. Even ownership of the vault (e.g., pod/rack/container) won't mean much if can't control the access to it. There's far too much trust required in cloud services. It's the digital faith-based initiative of the new millennium.


I should emphasize that I take no position on the management of data centers – I leave such matters to industry standards groups like the Uptime Institute ( ) and the Cloud Security Alliance ( ). My remarks are best taken philosophically: I think that it's prima facie obvious that you shouldn't entrust personal, proprietary and sensitive information to third parties unless required by law or because other alternatives have proven to be impractical or unreasonable. I also challenge the cost-effectiveness of cloud services. My hunch is that like university athletic programs, cloud services are only economical when the cost of ownership is calculated to exclude negative externalities, moral hazards and off-the-books expenses.

So why did public cloud services become popular. Certainly disaster avoidance and recovery figures prominently into the adoptions. There are organizations that are too large to think of force majeure as an insurance issue, yet too small to manage the risks themselves. These organizations are typically labeled Small to Midsized Businesses. There is an important niche market for cloud services for SMBs. Colocation (COLO) providers, that provide reliable power, secure network access, cooling, redundancy, fire protection, fault tolerance, physical security and so forth enable contingency planning that are well beyond the capability of many customers. The major COLOs like Equinix, Century Link, SunGard, AT&T, etc. seem to be providing useful services for customers that can't or don't want to provide these services themselves.

However, cloud services are undergoing commodification. It is unclear to me how one would differentiate tier IV data center infrastructures in terms of mission critical capabilities. So while there is a market for COLOs, it isn't clear that there's a market the number of COLOs that we now have for very much longer. In an era where the Department of Justice even shies away from oligopolistic accusations, not to mention prosecutions, I would expect a cycle or two of merger-and-acquisition mania in the near future will drastically reduce the number of clouds in the digital sky. Such being the case, we will likely end up with less competition, lessening of quality control standards, and tighter-fisted economics as these phenomena seem to be an inevitable byproduct of M&A mania. Smaller customers will be the first to feel the loss of prophylaxis.

The inevitable commodification of clouds will affect their future utility, value and appeal. However, there are some other considerations that affect their present utility, value and appeal. For one, there is considerable overlap between the cloud providers and the NSA company “partners” identified in the Snowden PRISM slides (cf. ). In many if not all cases these companies willingly shared customer information with the National Security Agency without requiring a court order ( ). The question you have to ask yourself is just how confidence inspiring is this corporate behavior?


Even if you're confident of the cloud service, how confident are you of the Internet Service Provider that serves as a conduit between your organization and the cloud? It should be noted that in many cases the recent gains in privacy protection, including SSL encryption of transiting data, was a direct result of the blowback that resulted from Snowden's disclosures ( ) and not because of any customer-centric concerns. But even at that, the Electronic Frontier Foundation's best practices have still not been completely implemented ( ). The point that I'm making is that the ISPs generally seem to favor reactive rather than proactive positions when it comes to protecting customer data.

Add to that the fact that the federal courts have taken the position that the government, not the courts, has final say when it comes to requests for customer data. When the FBI demanded real-time access to select customer data on Lavabit's secure email mail servers, the only way to comply would be to give up all SSL keys – and that meant providing real-time access to all customer communications, not just the a select subset. I encourage you to learn about the FBI's policies and the current status of the Lavabit case. (For overview, see and . The most recent ruling from the U.S. Court of Appeals, Fourth Circuit is online at .)

Remember, that all cloud storage operated by companies based in the U.S. are subject to U.S. laws, specifically including the Patriot Act ( ) and its equally Constitutionally-unfriendly descendants ( ). While access to email usually requires a warrant ( ), this may not be the case with cloud storage. You may be well-advised to create a new position in your organization for a ‘cloud lawyer' to interpret Title 18 language for you ( ). And the time to do that is before you consider cloud service.

Finally, the VPN service providers that you might use to encrypt the pipe between you and the cloud is also subject to the same government intrusions as the ISPs and cloud services. Cloud VPN provider CryptoSeal terminated their service in June, 2014 for just this reason ( ). Silent Circle shut down their encrypted email service, Silent Mail, for similar reasons because of fear that the government might serve them with National Security Letters demanding metadata ( ). Both saw the handwriting on the wall after Lavabit's experience ( ). Understand that NSLs arrive with a gag order and the prohibition of seeking counsel!. Until peer-to-peer encryption based on ephemeral keys or something like it is deployed everywhere mobile Internet access to any data repository is fraught with legal uncertainty. To its credit, Silent Circle did just that with their Silent Phone service ( ). They specifically encrypted the traffic at the media layer because carriers and ISPs may not be trustworthy. As I write this the FBI has requested changes in the federal rules of criminal procedure ( ) specifically to allow seizure of any target whose identity is concealed by technological means like TOR ( ).

So there you have it. My cloudtopsy reveals the four humors of clouds: early mortality, lack of constitutional safeguards in the U.S., possible ISP leakage and snooping, and VPNs that we can't trust. Think of these as the toxic biles, phlegms, and bad bloods of modern cloud computing! And as with the medical humorism of old, when data concentration is the rule, any deficiency in any of these humors will produce a bad case of the network computing vapors. I'm confident that Hippocrates would be pleased with my analysis.

Cloud services remind me of distance education – not a bad idea if the focus is entirely on the improvement of the overall customer (i.e. student) experience. However, that's not the way it evolved. In the hands of administrator-non-scholars, distance education became first and foremost an opportunity to grow revenue with minimal investment. Increasing the quality of the student experience went to the back of the budget bus. Similarly, I fear that the best interest of the customer –especially in terms of protecting customer privacy – is not the leading priority of cloud service providers. In any event, if you're considering surrounding yourself with such digital moisture, make sure to lawyer up and think hybrid ( ) because your cloud may become your single greatest vulnerability.


For an overview of Cloud computing, see the NIST Cloud Computing Reference Architecture -