Monday 9 July 2012

All your clouds are belong to us!


Have you ever wondered why the Internet has always been represented by a cloud symbol?
Well a cloud is intangible; it doesn’t have any defined shape, and is in constant motion. When viewed from a distance it seems like a tangible entity, but when examined up-close all sense of structure and solidity is lost. Sound familiar?
Simply put, the Internet has always been one large unmappable information-cloud.
Now a staggering amount of personal information is beginning to accumulate, and float around, in this cloud. This information only looks set to increase with the advent and growth of ‘Could Computing’ resources. As the Internet will be offering increasingly interactive, and personalised, remote services
You may not have heard of it but in late 20011 a group of researchers from Ruhr University in Germany released a paper called "All Your Clouds are Belong to us." This caused quite a bit of restlessness within the ‘cloud computing’ fraternity, as the paper revealed basic security vulnerabilities in various cloud platforms  including, but not limited to, some of Amazon's services.
Amazon has since released a statement to say all these issues have been resolved.



Head in the clouds...
I’ve mentioned could computing before, but to many people it’s still a very fluffy concept. The hype-machine has been in overdrive the last few years, but the basic premise of ‘The Cloud’ and ‘Cloud Computing’ is hardly new. This has been around since the beginnings of computer networks. Some of the first systems I ever used could be said to be ‘in the cloud’ in all but name: mainly because the ‘name’ wouldn’t be coined for several decades!
Cloud computing, in its basic form, simple means storing the programs and data you use on a remote system, and allowing you access to these resources from local hardware. That’s it! Anything else is just, well... ‘Fluff.’

The ‘local hardware’ may be a computer, but may just as likely be a games-console,  an internet enabled TV or DVD/Blu-ray player, or any of the increasing range of bespoke devices now being offered for internet based services.
You can watch a movie, or an entire TV-series, from a virtual video library through services like Love Film or NetFlix, or play virtual-games through OnLive and Gaikai, all of which provide cloud services.
Today most people’s established ideas of cloud use, such as applications like the Google office suite, are in a state of rapid change. I don’t think it’s an exaggeration to say that cloud applications are expanding on an almost daily basis, although most of these are probably destined go unnoticed by the majority of people.

The Cloud now had an extensive user-base, and the chances are you may have already used a ‘cloud’ service without even noticing. Has anyone in your house ever played the massively popular browser-based Runescape on-line MMORPG game? Well that definitely falls under the auspice of ‘could computing,’ as does the innumerable variety of web-based on-demand audio/video services, yes even YouTube!
Usage of Web-based application-suits and data-storage sites are also on the rise, so it should come as no surprise that this increasing market is being targeted by the advertisers and data-gatherers that are already so prevalent and adapt at data-mining the browser-based Web.


Hiding from the cloud miners...
 
The sometimes shadow-like data-miners are undoubtedly already in the clouds.

But is their presence any scarier than that on the more established Internet?




Well a few, not very advertised, things to bear in mind about the cloud are:

1)      The physical machine; on which any data, along with any executable applications; you use is solely controlled by someone else.
2)      You should always read the terms and conditions... Yes I know we all skip past this, but it may be very important to know exactly where you stand, especially if you are storing personal data on a cloud-based service.
Who has (legitimate) access to your data?
Where in the world is your data physically stored?
What processes and procedures are in place should your data become unreachable, corrupted, lost, or hacked?
3)      Unless the service you are using is community based open-source; freeware, or possibly a charity; the provider company is in business to make a profit. So usage will probably involve some form of payment, ether directly or indirectly. And indirect payments generally revolve around some form of micro-transactions and/or advertising.
4)      Disclosing your personal details to anybody requires a certain degree of trust. And a lot of hysteria has been generated around on-line transactions being especially open to misuse. Now I’m not scare-mongering here, of course the Internet is now a legitimate way to purchase goods and services, but like any other market it has its fraudsters. Be aware of whom you are giving details to, of what details you are providing, and of the security measures put in place to guard your personal data, finances, and anonymity.

Advertisers want to know who you are and what you buy and many cloud services may provide a certain degree of information about you and your habits to any interested parties, unless they specifically say they won’t in those ‘terms and conditions.’
Data selling has always been a quick way to make good money on the internet. And although, just like marketing calls, this may be an annoyance it isn’t really a great threat to your personal identity or security. But there have always been those less scrupulous miners who are after the hidden nuggets of more personal, and potentially lucrative/damaging, information.

Many cloud sites were found to be susceptible to XML and XSS based attacks as well as being open to certain JavaScript code based vulnerabilities. Several being serious enough to allow an interlopes access to create new machine images and gateways into the services, or even in some cases to start and stop the virtual machines, effectively crashing the systems!
Many notable individuals, and quite a few corporations, have publicly expressed concern about the cloud’s ability to safeguard personal and otherwise sensitive information from thieving hands. The debate rages on, with both the pro and con points of centralised cloud-based resources being constantly debated
Service level agreements from cloud providers are important for user safety and legislation is still a bit 'fluffy' on what protection this should provide by law.
Obviously any legitimate providers will take the best steps they can to make sure your personal data as secure as possible. It isn't in their interests not to! But like any other on-line enabled media the data can theoretically become vulnerable. So you should bear this in mind when signing up to anything on-line, not just with regard to cloud services.


So does this really mean ‘All your clouds are belong to us?’ Are there dark clouds looming over the horizon, or are they already raining upon us?

Well to be honest I personally think it’s probably no more than the usual Internet risk, which in some cases is less that the real-world fraud risk. Commercial PEN Tests (network penetration testing) routinely bring back system vulnerabilities; it’s a recognised side-effect of the ever-marching progress and evolution of computer systems. As such it’s something to be dealt with rather than feared. The modern form of Internet based cloud computing services are relatively new, so some teething-troubles are to be expected.
Provided you take reasonable care and responsibility with the services you pick and the information you divulge, remember it’s not just bank details that can be of use to dedicated internet wrongdoers, I think you should be reasonable secure. I also think way too many people have put way too much personal information out on the web. Most people are very surprised by what can relatively easily be discovered about them by simple web search... far less by detailed and intrusive data-mining techniques! Who knows what a system hack could uncover... Well I suppose Sony do, but there’re not telling!

I don’t see any reason to not use properly maintained and managed cloud services, but I do pay attention to what personal information is available on these sights, and to what my legal status is in the event of something going wrong... After all I never thought PSN would get hacked, and that my bank-details may have been stolen!



So what has all this got to do with games? Well lots actually...
OnLive has shows that a totally cloud-based gaming service can work NOW, not tomorrow, not next week, but NOW, this very second. If you haven’t already you can go to OnLive right after reading this blog, sign up (or in) and start playing a game that your hardware may not physically be capable of handling... because it isn’t your hardware that’s running the program, it’s some server in the ‘cloud’ somewhere. I think games are a good visual example of what cloud computing can achieve.
And with Sony buying over Gaikai (another browser-based cloud gaming platform), things are only set to get even more interesting. What (if any) impact will this purchase have on the Playstation 4 console for example? Sony is keeping rather tight-lipped at the moment, but as they say... ‘Watch this space!’

If they can prove your identity and money is safe and they can provide you with access to an increasingly complex and advanced gaming platform without the need to continually upgrade or buy ever-more powerful (and expensive) hardware, why wouldn’t the average gamer embrace on-line cloud gaming? On-line purchasing had been coming in the back-door via PSN and Xbox-Live for some time now... largely unnoticed.
More recently many big-name publishers are being much more brash and up-front about providing on-line download access to their latest games.
The on-line and cloud move is coming, what shape that cloud take is yet to be seen...

2 comments:

  1. I don't remember where I heard that phrase "all your moneyz are belong to us" or something like that lol anyway great blog, check this one out too http://www.flashshed.com

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete