Bruce Schneier on Cloud Computing

Quite a good blog post from the security expert:

The old timesharing model arose because computers were expensive and hard to maintain. Modern computers and networks are drastically cheaper, but they're still hard to maintain. As networks have become faster, it is again easier to have someone else do the hard work. Computing has become more of a utility; users are more concerned with results than technical details, so the tech fades into the background.


There is one critical difference. When a computer is within your network, you can protect it with other security systems such as firewalls and IDSs. You can build a resilient system that works even if those vendors you have to trust may not be as trustworthy as you like. With any outsourcing model, whether it be cloud computing or something else, you can't. You have to trust your outsourcer completely. You not only have to trust the outsourcer's security, but its reliability, its availability, and its business continuity.

This is something I've written about before. Your data and applications stay available in the cloud only at the service provider's pleasure. Free software should aim to provide an alternative, using peer-to-peer technologies and desktop-to-web content repositories to provide both the flexibility and collaboration features of the cloud, while still providing the security and privacy of local application instances.

In a world of non-neutral networks, government snooping and, yes, even sometimes lack of connectivity we need alternatives that will work even when offline and allow collaboration over more ad-hoc, personal network connections.

EDIT: While I'm critical of going fully cloud-only, I have to recommend Nicholas Carr's The Big Switch which provides many compelling arguments and historical analysis for utility computing.

Technorati Tags: , ,