Thursday, October 14, 2010

A cloud by any other name...

by Forensic Focus columnist, Simon Biles

Simon Biles
About the Author

Simon Biles is a founder of Thinking Security Ltd., an Information Security and Risk Management consultancy firm based near Oxford in the UK.

“You have to know the past to understand the present” – Dr. Carl Sagan

If you have been kind enough to read some of the other articles that I’ve written here on Forensic Focus, you may have noticed that I have a bit of a penchant for historical references ( and quotes, and clich├ęs, but for now – please focus on the references ! ) – something that some of my History teachers might be astonished by, given how long they spent trying to get me to learn who killed who in 1066, possibly nothing compared to the amazement from my English teachers that I’m writing anything at all - but we’ll move on from that swiftly – we are operating in a field that has only been around for, by all counts ( ok, let’s leave Babbage out of it ) not even a century, yet we seem to have run out of innovation. It’s a bit embarrassing actually – we cover it up nicely by making things a bit smaller, or a bit shinier – but really we’re all aware of the fact that, nice as these superficial improvements are – we’re no closer to innovation than a fresh coat of paint on a room is to a Van Gogh.

I’ve known this for a while – not that it stops me from wanting shiny things – but it really came to my attention with “cloud computing”. I don’t know how many of you are aware (or for that matter how many of you would care, really, when it comes down to it) but the British Government has, in its published ICT Strategy (PDF here) proposed the “g-cloud”. This was created by our previous, Labour, government and published January this year, but it doesn’t seem to have gone away under our current, ConDem (I _love_ that abbreviation), rule. I don’t know who’s to blame for the daft name, or for the fact that, whilst “g-cloud” is number 2 in the strategy “Information Security” is number 10 – but nonetheless we have it, and so, as a fully paid up consultant, I was trying to figure out what is required to jump on the bandwagon and charge good money to secure “clouds”.

Fortunately, what I discovered was that I’d already been securing “clouds” for the last 10 years, and, as I pointed out earlier – there is nothing new, just a nice new shiny name, and some (ranging in quality) pretty web interfaces. Now, as a bit of a UNIX head and command line aficionado, the latter is of no great interest to me, so I’m left with a new name …


No comments: