The overall issue of regulating the cloud is far from anecdotal. Within a few years, we can bet the bulk of our hard drives – individual as well as collective ones – will be in other people's large hands: Amazon S3 storage service now stores 339bn objects – twice last year's volume.
We'll gain in terms of convenience and efficiency. We should also gain in security.
6 good pointers for things we need to think about in developing our UMF Cloud Pilot.
HEFCE and JISC are moving forward in delivering cloud-based services for UK education and research.
Since announcing a £12.5 million fund in February that aims to help universities and colleges deliver better value for money by working together more effectively, HEFCE and JISC are now able to confirm the projects and partners appointed to deliver the two parts of this work: a national cloud infrastructure and supporting services.
JANET (UK) will deliver the national brokerage to aid procurement of cloud services between higher education institutions and commercial suppliers and Eduserv will provide a pilot cloud infrastructure for higher education institutions. Other partners include De Montfort, Exeter, Edinburgh, Kent, Liverpool John Moores, Oxford, Leicester, Southampton and Sunderland universities (see note 2 for a full list of partners).
A press release from the JISC, providing details about the various activities that are being funded under their University Modernisation Fund (UMF) Shared Services and the Cloud Programme. Much of this work will sit on the pilot cloud infrastructure that we are currently building. See http://www.eduserv.org.uk/hosting/cloud-computing for details.
The bug was made possible because of the security architecture choice that Dropbox made, where encryption and decryption happen on Dropbox’s servers, rather than on individual’s comupters. This allows Dropbox to open files because it, not the user, holds the encryption key. That architecture adds to ease of use and lets people recover their files — even if they forgot their password. In a system where a user unlocks their cloud files with their own encryption key, the data would be lost forever if a user forgets their encryption key, and a complicated encryption key has to be entered into every client device that wants to sync via the locker.
However, Christopher Soghoian argues that Dropbox’s model introduces too many security vulnerabilities and that Dropbox overstated how secure file storage was, leading him to file an FTC complaint against the company.
Dropbox strongly disputed that it ever misled its users, saying that its security was an upgrade from how users typically stored information on their own computers.
For those who are seeking a service similiar to Dropbox, but with more security, Wuala and SpiderOak encrypt data on users’ devices, not on a central server.
Security breaches are obviously the new black... it seems everyone wants to get in on the act :-(
To the extent OpenStack attracts smart people who produce superior code, we will have no hesitation in using such pieces of the software. It’s wonderful that OpenStack is driving these initiatives. In our estimation, however, OpenStack may still be two years away from serious production use.
In the meantime, we have a massive market that we are serving. Over 25,000 Eucalyptus clouds have been started up all over the world. Our product has been ready for production for over a year. We are busy serving those users (Plinga, USDA, Puma, InterContinental Hotels, Aerospace Corporation, NSA, etc.). Our business is growing faster than we can handle. These customers are looking for performance, scalability, low latency and robustness of code. We have what we ourselves consider a very attractive roadmap for our product with sexy new features, but still our users value us mostly for having a hardened, fully QA’d platform.
An interesting discussion between Johannes Ernst and Marten Mickos (CEO of Eucalyptus Systems) about the relative positioning of OpenStack vs. Eucalyptus, particularly in terms of their support for the Amazon Web Services (AWS) APIs.
