[ale] [ALE] OT: article on encryption keys and cloud computing

Tue Nov 13 12:59:22 EST 2012

On 11/13/2012 11:49 AM, Jonathan Meek wrote:
>
> http://m.nextgov.com/cloud-computing/2012/10/op-ed-encryption-not-restriction-key-safe-cloud-computing/58608/ 
>
>
> Sorry about that. I goofed.
>
My problem is less the security of encrypted data but with the physical 
location of the data. Some of the concern is the local political 
stability and attitudes and part of is technical/commercial.

Data stored in a relatively stable country (say Canada, Australia, or 
Japan) is probably relatively safe from local political mischief but in 
other, less stable countries I am not so sure about that. First any 
encryption algorithm can be cracked with enough time/computing power 
thrown at it. Also, how the people with access to the equipment vetted; 
some of the information should be not be near by any who has not been 
vetted (security clearance, etc.). Compounding this with the locals 
loyalty is to their country not any other foreign country.

The technical/commercial is that offshore facilities may not be in the 
same time zone as the users. This potentially creates support problems 
of the data center being on third shift to support users on first shift. 
Third shift is always a difficult shift to staff because many do not 
adapt well to it; I worked third shift for several years. The technical 
issue is how stable is the local infrastructure; are they subject to 
local outages that make the data unreachable or unusable. The data may 
be scattered in several locations but is all the necessary data together 
so an outage would be all or nothing.

Personally, I find many of the Cloud promoters overlook other issues 
that should be included in the decision besides absolute costs. And my 
question what is the difference topologically between a third party 
Cloud provider and an internal data center? The main difference I see is 
how it is budgeted; someone has to provide the physical infrastructure 
and you are going to pay for it. The costs are either primarily internal 
- your data center and staff - or external - someone else's data center 
and staff.

> On Nov 13, 2012 11:27 AM, "Tim Watts" <tim at cliftonfarm.org 
> <mailto:tim at cliftonfarm.org>> wrote:
>
>     Care to feed us a link?
>
>     On Tue, 2012-11-13 at 08:24 -0500, Jonathan Meek wrote:
>     > Guys,
>     >
>     > Came across this article on keys and cloud services. It makes the
>     > argument that customer controlled keys makes a step in the right
>     > direction and could help governments take advantage of cloud
>     > computing.
>     >
>     > Just food for thought.
>     >
>     > Jonathan
>     >
>     > _______________________________________________
>     > Ale mailing list
>     > Ale at ale.org <mailto:Ale at ale.org>
>     > http://mail.ale.org/mailman/listinfo/ale
>     > See JOBS, ANNOUNCE and SCHOOLS lists at
>     > http://mail.ale.org/mailman/listinfo
>
>
>     _______________________________________________
>     Ale mailing list
>     Ale at ale.org <mailto:Ale at ale.org>
>     http://mail.ale.org/mailman/listinfo/ale
>     See JOBS, ANNOUNCE and SCHOOLS lists at
>     http://mail.ale.org/mailman/listinfo
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

-- 
Jay Lozier
jslozier at gmail.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20121113/ae1a818b/attachment-0001.html>