January 6, 2011
In this first of two pre-MIDEM guest posts, digital security and privacy specialist Gemalto's Christian Goire explains the essentials of the cloud
This post will consider what’s at stake if money is to be earned with cloud technology. It will reassess what we believe as established knowledge in terms of cloud computing; then the second post will focus on cloud music inparticular.
As we know, cloud computing requires security and privacy.
How to summarise the different facets of cloud computing? Considering the figures and diagrams in the below slides and according to NIST we can call cloud a structure if a number of characteristics are met.
1/ There are four deployment models: hybrid clouds, private clouds, community clouds, public clouds
2/The service models may be one of three types: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS).
3/ The five essential cloud characteristics are:
On demand self-service
Broad network access
Resource pooling (location independence)
I will not dwell on the ‘pros’. Once we have settled the definitions we have enough material to see the existing and potential ‘cons’ of cloud computing. It will be interesting to find solutions to transform them into opportunities as stated by ENISA.
Any company going ‘cloud’ has two kinds of assets. Its products (for instance digital contents) and, increasingly vital, social networking with its clients. So at least two types of data structures.
These clouds are becoming so necessary and huge (for some of them) that there is not a week with rumours or facts about attacks. The most frequent attacks are the denial of services called DDoS (Distributed Denial of Services) when the cloud is distributed (general case).
They are also ways of stealing data, worse than that to capture the code of the Distributed Virtual Machine (VM) (heart of the system), enabling hackers to destabilise the company completely. Without naming the companies, it has been established that emails could have been read, and that in some other international cases, services had been out of order.
No one cloud is the same. We have the ‘big ones’ and the small companies going ‘cloud’ for instance privately being hosted in common places with competitors.
Fortunately, France, Europe and the USA have started to work, at different paces but with the same objectives, to produce laws to protect companies going ‘cloud’ and their users from personal data and identity theft. So evaluation procedures are being defined and labels given to the providers of means enabling security. We are going slowly to the concept of security and privacy by design.
When it comes to advertising, upload, streaming or customisation, new additional nightmares – or dreams – appear.
The first step is to establish trust both for the end users and the company.
My next post will translate this language into music.