Saturday, October 22, 2016

Topic 5: Enterprise Security Architecture


As a law firm, my employer maintains a large amount of personally identifiable information (PII) along with vast amounts of our clients’ (banks and lenders) data and digital documents.  Our desire to move as much of our datacenter to the cloud (along with all this sensitive data) as quickly as possible has led to many debates about PII and sensitive client data in the cloud.  These debates have to consider the regulations governing the mortgage industry (our area of practice) and law firms, along with our clients’ wishes and demands.

With this reality in mind, I wanted to dig deeper into the world of encryption for data stored in the cloud, which brought me to the above article for my first reflection.  This article offers several fascinating statistics and insights regarding the lack of security around cloud storage.  This particular article focuses on cloud-based applications, how few application service providers encrypt their users’ data at rest, and how much sensitive data users actually upload.

The problem that I’m more interested in is cloud-based file system storage.  When offerings like Google Drive or Dropbox are examined, we see that they encrypt user data at rest, but the rub is that the user does not control or possess the encryption key(s) - Google and Dropbox handle that.  Would this be good enough when it comes to assuring our clients (and regulatory bodies) that their data is safe?  I don’t think so.

The only way we, or any other organization, as caretaker of sensitive information, can promise anyone that the data is safe is if it’s encrypted at rest and we control the encryption keys, not a third party.  Even if the likes of Google and Dropbox have better security controls than my small-to-medium sized law firm, they are still a third party - no assumptions can be made and no assurances can be granted about their capabilities.

After a quick look at Amazon’s AWS offering for cloud storage, I saw that they offered encryption at rest (no surprise) along with the option for the customer to control the encryption key(s).  I’m not sure what the banks think, but if their data is encrypted and we possess the keys, then it simply shouldn’t matter where the data is actually stored.
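As an added illustration (written for this reflection, not code from the original post, from AWS or from any provider), the Go program below shows what “we possess the keys” looks like in practice: client-side envelope encryption, where the document is encrypted under a fresh data key, the data key is wrapped under a master key that only the firm holds, and the provider stores nothing but those two ciphertexts.  CustomerKMS, Blob and the sample loan-file text are constructed names and data for this demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// CustomerKMS stands in for a key store the firm itself controls (hypothetical
// name; an HSM or customer-managed KMS key in practice). The provider never receives it.
type CustomerKMS struct {
	masterKey []byte // 256-bit AES key held by the customer
}

// randomBytes returns n bytes from crypto/rand; failure here is unrecoverable.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// NewCustomerKMS generates a fresh random master key.
func NewCustomerKMS() *CustomerKMS { return &CustomerKMS{masterKey: randomBytes(32)} }

// Destroy wipes the master key; every blob wrapped under it becomes
// unrecoverable wherever it is stored (crypto-shredding). aes.NewCipher
// rejects the empty key afterwards, so Encrypt and Decrypt simply fail.
func (k *CustomerKMS) Destroy() { k.masterKey = nil }

// Blob is all that reaches the provider: ciphertext plus the wrapped data key.
type Blob struct {
	WrappedDataKey []byte // per-document key, encrypted under the master key
	Ciphertext     []byte // document under the data key, GCM nonce prepended
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM and prepends the random nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; the GCM tag check rejects tampered or wrong-key input.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Encrypt is client-side envelope encryption: a fresh data key protects the
// document and the master key protects the data key. Plaintext never leaves.
func (k *CustomerKMS) Encrypt(document []byte) (*Blob, error) {
	dataKey := randomBytes(32)
	ct, err := seal(dataKey, document)
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(k.masterKey, dataKey)
	if err != nil {
		return nil, err
	}
	return &Blob{WrappedDataKey: wrapped, Ciphertext: ct}, nil
}

// Decrypt unwraps the data key with the master key, then opens the document.
func (k *CustomerKMS) Decrypt(b *Blob) ([]byte, error) {
	dataKey, err := open(k.masterKey, b.WrappedDataKey)
	if err != nil {
		return nil, err
	}
	return open(dataKey, b.Ciphertext)
}

func main() {
	firm := NewCustomerKMS()
	doc := []byte("constructed sample: loan file 0000 / borrower PII")
	blob, _ := firm.Encrypt(doc)
	pt, _ := firm.Decrypt(blob)
	fmt.Println("round trip:", string(pt) == string(doc), "stored bytes:", len(blob.Ciphertext))
}
```

Because the master key exists only in the firm’s own key store, the same blob is unreadable under anyone else’s key and, once the master key is destroyed, under ours as well; that is the property that makes the physical storage location secondary, as argued above.  The demo keeps the master key in memory; a production deployment would keep it in an HSM or a customer-managed KMS key so that the storage provider never receives it.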



I couldn’t help reflecting on this article, because, as technology-oriented articles go, this one is quite sensational.  Actually, the first three flaws are more mildly surprising than sensational, at least for someone who is not a security expert.

The first flaw essentially says that PKI is too complicated and thus prone to mistakes.  This is a perspective I was not aware of, as many companies set up their own PKIs and, apparently, most do it poorly.  Of course, the article is written by a PKI consultant, so he obviously stands to gain by convincing businesses that they cannot set up a PKI themselves.

The second flaw is an extension of the first, where the author states that the complexity of PKI causes numerous PKI errors that often reveal themselves to a user trying to reach a supposedly secured website.  In a more secure Internet, the errors would be few and when there are PKI errors, access would be blocked.  However, what happens in the real world is that our browsers allow access, presenting nothing more than a warning, which is usually ignored by the user.  

The third flaw really isn’t a flaw of PKI at all.  To impugn PKI by stating that it does not address all the other technology security risks a business faces doesn’t make much sense.  PKI is primarily used as an integral component for encrypting data in transit, and with the exception of flaws one and two, it really does that quite well (and has been doing it for quite some time also).

It’s the fourth flaw that I found extremely interesting, very sensational, and somewhat scary.  For the fourth flaw, the author states that “eventually, PKI will stop working forever”.  One of the few things I know about PKI is that it’s based on asymmetric key pairs, where a file encrypted with key “a” can only be decrypted with key “b” and vice versa.  Knowing the key used for encryption does not allow someone to decrypt the file, which is the fascinating point about this technology (developed back in the 1970s).  The secret to asymmetric key pairs involves large prime numbers and some very complicated math, so complicated that even today’s computing power cannot be leveraged to crack the encryption keys.  However, here is where the author makes it interesting.  He says:
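To make the “key a / key b” description concrete, here is an added toy RSA implementation in Go (example code written for this reflection, not from the article or from any library).  It derives a key pair from two small primes, encrypts with the public key, decrypts with the private key, and finally recovers the private exponent by factoring the toy modulus, which is exactly the step that today’s computers cannot perform on real-sized keys and the step the author expects quantum computers to perform.  Generate, Encrypt, Decrypt and RecoverPrivateExponent are hypothetical names, and the primes in main are deliberately tiny.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// KeyPair is a textbook RSA key: (N, E) is public and D is private. P and Q
// are kept only so the demo can show what D depends on; real code discards them
// or protects them as carefully as D.
type KeyPair struct{ N, E, D, P, Q *big.Int }

// Generate derives a key pair from two distinct primes. Real RSA draws random
// primes of 1024 bits or more; the tiny primes used in main are for illustration.
func Generate(p, q *big.Int) (*KeyPair, error) {
	if !p.ProbablyPrime(20) || !q.ProbablyPrime(20) || p.Cmp(q) == 0 {
		return nil, errors.New("p and q must be distinct primes")
	}
	one := big.NewInt(1)
	n := new(big.Int).Mul(p, q)
	// phi = (p-1)(q-1). D is the inverse of E modulo phi, and phi is exactly
	// the quantity nobody can compute from N alone without its prime factors.
	phi := new(big.Int).Mul(new(big.Int).Sub(p, one), new(big.Int).Sub(q, one))
	e := big.NewInt(65537)
	if new(big.Int).GCD(nil, nil, e, phi).Cmp(one) != 0 {
		return nil, errors.New("e shares a factor with phi; choose other primes")
	}
	return &KeyPair{N: n, E: e, D: new(big.Int).ModInverse(e, phi), P: p, Q: q}, nil
}

// Encrypt with the public key: c = m^e mod n. Anyone who knows (n, e) can do this.
func Encrypt(n, e, m *big.Int) (*big.Int, error) {
	if m.Sign() < 0 || m.Cmp(n) >= 0 {
		return nil, errors.New("message must lie in [0, n)")
	}
	return new(big.Int).Exp(m, e, n), nil
}

// Decrypt with the private key: m = c^d mod n. Only the holder of d can do this;
// knowing e and c gives no way back to m.
func Decrypt(n, d, c *big.Int) *big.Int { return new(big.Int).Exp(c, d, n) }

// RecoverPrivateExponent shows why the security rests on factoring: once the
// factors of n are known, d follows in three lines. Trial division only works
// for a toy modulus; for a 2048-bit n no classical method is feasible, which
// is why the quantum-factoring prospect the article raises is the real worry.
func RecoverPrivateExponent(n, e *big.Int) (*big.Int, error) {
	one := big.NewInt(1)
	for f := big.NewInt(2); new(big.Int).Mul(f, f).Cmp(n) <= 0; f.Add(f, one) {
		if new(big.Int).Mod(n, f).Sign() == 0 {
			q := new(big.Int).Div(n, f)
			phi := new(big.Int).Mul(new(big.Int).Sub(f, one), new(big.Int).Sub(q, one))
			return new(big.Int).ModInverse(e, phi), nil
		}
	}
	return nil, errors.New("no factor found")
}

func main() {
	// Constructed toy primes (the 10,000th and 100,000th primes); never use keys this small.
	kp, err := Generate(big.NewInt(104729), big.NewInt(1299709))
	if err != nil {
		panic(err)
	}
	m := big.NewInt(123456789) // the "file" being protected, as a number below n
	c, _ := Encrypt(kp.N, kp.E, m)
	fmt.Println("ciphertext:", c)
	fmt.Println("decrypted :", Decrypt(kp.N, kp.D, c))
	d, _ := RecoverPrivateExponent(kp.N, kp.E)
	fmt.Println("d recovered by factoring n:", d.Cmp(kp.D) == 0)
}
```

The trial-division loop finishes instantly for a 37-bit modulus and would not finish in the lifetime of the universe for a 2048-bit one; the author’s concern is that a sufficiently large quantum computer changes that arithmetic, not that the mathematics of RSA is otherwise flawed.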

One day, the incredibly hard math involving large prime numbers won't be so difficult to solve anymore.  For example, one of the biggest promises of Quantum computing, whenever it finally gets perfected, is that it will be able to immediately break open PKI-protected secrets. Sometime in the near- to midterm future, useful Quantum computers will become a reality. When they do, most public crypto will fall.

After delivering the depressing message that the very foundation of a secured Internet will one day crumble, the author at least offers a modicum of hope by saying that quantum cryptography will be the answer.  The author then steals back that modicum of hope by stating that the quantum computers needed for quantum cryptography will be extremely expensive and beyond the means of the average Internet user.

Hard to tell where this is headed, but if there’s any truth to the author’s claims, then I would guess that in the future we might be shopping Amazon from some centralized Internet cafe offering quantum computers, at least until we can afford our own.


Reflection 3: Quantum computing 101

I wasn’t expecting to reflect on quantum computing, but the previous reflection proved too fascinating to just drop the topic.  Even though there’s a lot of interesting material in this article and it’s presented in a nice “101” manner suitable for someone reading about quantum computing for the first time, what’s really nice is that it explains how quantum cryptography works, at least at a high level.

Rather than trying to summarize an already nice summary, I’ll call out a few of the interesting elements of quantum cryptography.  The first interesting element is that the encryption key is based on the polarization of photons, which is completely random and unpredictable (crazy quantum stuff).  What’s really interesting about this is that the “key” is physical in nature, unlike today’s keys, which are based on a mathematical problem.  Because of this physical (and random) nature, even the most powerful quantum computers of the future will not be able to break the key, because it’s not mathematical.

Even if the keys cannot be cracked, one would think they could be intercepted in transit, which is another really interesting part of quantum cryptography.  While the photons are being transmitted to the parties wishing to initiate encrypted communication, they cannot be sniffed or copied in any way, as such an innocuous action will cause their polarizations to randomly change (more crazy quantum stuff), causing the keys to not match and thus forcing the two parties to retry until their keys match.

The last interesting point about all this crazy quantum stuff is that for the field of cryptography, it is simply a new means for distributing symmetric keys (shared secrets).  Once the quantum distribution of photons has successfully been concluded, everything reverts back to technology we are all comfortable with today, that being traditional data encryption using a shared-secret key.  As long as those photon-generated keys are not stored and reused, all communication should be secure.
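To see how the three elements above fit together, here is an added simulation of the BB84 quantum key distribution protocol in Go (written for this reflection; not code from the article or from any product).  It models the random polarization bases, the disturbance that measuring a photon in the wrong basis causes, the public comparison of bases that sifts out a shared key, and the error check that reveals an interceptor.  The physics is imitated classically with a seeded pseudo-random generator, so Photon, measure, RunBB84 and the 4000-photon run are constructions for the demo rather than a model of real hardware.

```go
package main

import (
	"fmt"
	"math/rand"
)

// Photon carries one key bit in one of two polarization bases:
// 0 = rectilinear (horizontal/vertical), 1 = diagonal (45°/135°).
type Photon struct{ Basis, Bit int }

// measure reads a photon in the chosen basis. A matching basis returns the
// encoded bit; a mismatched basis yields a random bit and leaves the photon
// re-prepared in the measuring basis, which is the disturbance the article
// describes as polarizations "randomly changing" when someone looks.
func measure(p *Photon, basis int, rng *rand.Rand) int {
	if p.Basis != basis {
		p.Basis, p.Bit = basis, rng.Intn(2)
	}
	return p.Bit
}

// Result summarizes one BB84 run.
type Result struct {
	SiftedAlice, SiftedBob   []int // positions where both parties used the same basis
	SampleErrors, SampleSize int   // disagreements found in the publicly compared sample
	Key                      []int // bits left for use as a symmetric key; nil if aborted
}

// NewRNG returns a seeded generator so runs are reproducible. A real system
// draws Alice's bits and bases from genuine quantum randomness, not math/rand.
func NewRNG(seed int64) *rand.Rand { return rand.New(rand.NewSource(seed)) }

// RunBB84 simulates Alice sending n photons to Bob while Eve optionally
// intercepts each one, measures it, and resends it. sampleFraction of the
// sifted bits are sacrificed to estimate the error rate and threshold is the
// largest rate accepted; an undisturbed channel shows 0 errors, intercept-
// resend about 25%, so the two are easy to tell apart.
func RunBB84(n int, eve bool, sampleFraction, threshold float64, rng *rand.Rand) Result {
	var res Result
	for i := 0; i < n; i++ {
		// Alice chooses a random bit and a random basis and prepares a photon.
		p := &Photon{Basis: rng.Intn(2), Bit: rng.Intn(2)}
		aliceBasis, aliceBit := p.Basis, p.Bit
		// Eve cannot copy the photon, only measure it in a guessed basis and
		// forward the result; half the time her guess is wrong.
		if eve {
			measure(p, rng.Intn(2), rng)
		}
		// Bob measures in his own random basis.
		bobBasis := rng.Intn(2)
		bobBit := measure(p, bobBasis, rng)
		// Sifting: both announce bases (never bits) over a public channel and
		// keep only the positions where the bases agreed.
		if aliceBasis == bobBasis {
			res.SiftedAlice = append(res.SiftedAlice, aliceBit)
			res.SiftedBob = append(res.SiftedBob, bobBit)
		}
	}
	// Error estimation: compare a random sample of sifted bits in public.
	res.SampleSize = int(float64(len(res.SiftedAlice)) * sampleFraction)
	inSample := make(map[int]bool, res.SampleSize)
	for _, idx := range rng.Perm(len(res.SiftedAlice))[:res.SampleSize] {
		inSample[idx] = true
		if res.SiftedAlice[idx] != res.SiftedBob[idx] {
			res.SampleErrors++
		}
	}
	if res.SampleSize == 0 || res.ErrorRate() > threshold {
		return res // abort: the keys do not match closely enough, retry later
	}
	// The compared bits are now public and discarded; the rest is the shared key.
	for idx, b := range res.SiftedAlice {
		if !inSample[idx] {
			res.Key = append(res.Key, b)
		}
	}
	return res
}

// ErrorRate is the fraction of the compared sample on which Alice and Bob disagree.
func (r Result) ErrorRate() float64 {
	if r.SampleSize == 0 {
		return 0
	}
	return float64(r.SampleErrors) / float64(r.SampleSize)
}

func main() {
	rng := NewRNG(42) // constructed seed for a repeatable demo
	for _, eve := range []bool{false, true} {
		r := RunBB84(4000, eve, 0.5, 0.11, rng)
		fmt.Printf("eve=%-5v sifted=%d errors=%d/%d rate=%.3f keyBits=%d\n",
			eve, len(r.SiftedAlice), r.SampleErrors, r.SampleSize, r.ErrorRate(), len(r.Key))
	}
}
```

In the honest run the compared sample shows no disagreements and the remaining sifted bits become the symmetric key; with an intercept-and-resend eavesdropper roughly a quarter of the compared bits disagree and the run aborts, which is the “retry until the keys match” behaviour described above.  The channel here is noise-free; real links have some inherent error rate, so the threshold is set above it and the surviving bits go through error correction and privacy amplification before they are used as a key.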

What I don’t understand at this point is who will generate these photon-based keys and how they will be transmitted to the parties involved.  Will it be technology for the masses or for the few?  Will the average Internet surfer be required to own a quantum computer to receive a quantum key?  The author from my second reflection implied as much when he expressed concern that quantum computers are not expected to be priced for the average consumer anytime soon, if ever.

This leaves me wondering what the future of e-commerce and B2B integration looks like.  It sounds like there’s going to be a period of time in which a small number of quantum computers will exist for big business, governments, and James Bond villains, while unavailable to the rest of the world.  This means that traditional Internet encryption using PKI could be easily cracked by anyone possessing a quantum computer while the masses will not yet have access to quantum keys as the antidote. That sounds scary and certainly would be a huge step backward.

Saturday, October 8, 2016

Topic 4: Enterprise Technology Infrastructure Architecture

For this week’s blog posting I’m going to reflect on operating a data center as well as some of the current trends impacting data centers. A couple of blog postings ago I wrote about how SMBs are anchored down by maintaining their own data centers, stunting progress with the core business and other areas of IT such as SOA implementations and analytics, so it seems worth exploring data centers a bit deeper.


For my first reflection, I wanted to find a real-world example of a business moving entirely to the cloud, ideally an SMB.  In my research, I came across this article from last year on how Netflix finished moving its entire business to Amazon’s cloud platform.  Netflix is far from an SMB, but the article was too compelling for me to ignore.  

The second paragraph immediately answers the important question of “why?”.  In 2008 Netflix experienced a serious outage with their data center, which is probably the primary impetus behind most cloud migrations, especially for SMBs where, I believe, proper investments in reliability are lagging.  Many businesses will examine the costs and benefits and cautiously contemplate a move to the cloud, but as soon as there is an outage, that cautious contemplation quickly becomes an irrepressible demand, which speeds matters up.  

The article, unfortunately, doesn’t provide any cost comparisons between the Netflix operated data centers and the cost of operating in the Amazon cloud, but direct, measurable costs are probably not going to be the deciding factor.  It’s going to be the indirect costs associated with outages that will be the deciding factor, along with the realization that running a data center is simply not a core capability of most businesses.  Focusing on the core and offloading or outsourcing most of the rest is a common and sound strategy these days.

The only piece of their home-grown infrastructure that Netflix did not move to Amazon’s cloud was their content delivery network, which essentially consists of all the video caches around the world, allowing their content to be close to the customer.  There are plenty of edge computing companies, including Amazon, that could handle this for Netflix, so one can only assume that Netflix considers their content delivery network a core capability and competitive advantage - something they do better than others - while the rest of the IT infrastructure was not.
   
It’s ironic to note that as I was writing Reflection 3 (below), Netflix had a serious worldwide outage for at least one hour.  It would be interesting to know if it was Amazon’s doing or something self-inflicted by Netflix.  Regardless, I don’t think Netflix will be reversing direction any time soon.

While looking for articles on data centers and moving to the cloud, I came across this article, which, although it provides no insights on the value of moving to the cloud, was still too interesting to ignore.  I’ve always marveled at Google’s ability to do what they do, especially given the performance problems of the small, custom-built application that manages the back-office operations of my current employer.

What amazed me was the revelation that Google now designs their own hardware to address their unique performance and load requirements rather than use commercially available options, which Google deemed unsuitable for their needs.  

At first, I was curious why Google hasn’t commercialized their networking/hardware innovations, but I quickly concluded that they must consider such innovations a competitive advantage and, as such, choose to keep their technology private.

More importantly, I wondered how networking giants like Cisco could be out-innovated in their core area of expertise by a company whose core business is not networking and hardware.  Is it because commercializing hardware and software for a mass market requires compromises in order to achieve certain cost and utility goals?  I’m going to assume Cisco knows how to do what Google did and probably figured it out before Google did.  Cisco must have concluded that the capabilities were too specialized and/or too expensive for the commercial market - if I were to give them the benefit of the doubt.

Conversely, it could be that Cisco is withholding innovations that would disrupt their own market segment.  That’s not unheard of, albeit very risky, as I have to believe there are numerous other potential disruptors that, unlike Google, would be happy to commercialize such innovations.


One of Google’s innovations (from the previous reflection) was to build software-based switches using cheap hardware.  This sounded very similar to the recent trend in data centers called hyperconvergence, which is the third article I want to reflect on.

The hyperconvergence trend simply takes the software-based virtualization paradigm for compute environments and adds storage to the mix.  This allows data centers to simplify and further extend the cost savings and flexibility that virtualized compute environments have long delivered.

The article compares and contrasts the hyperconvergence trend with its convergence predecessor.  Both trends try to standardize on common hardware; however, the convergence trend still saddles a data center with separate storage and compute devices, which in turn requires an emphasis on expensive networking hardware.  By contrast, hyperconvergence melds storage and compute platforms together, managing them from the same software-driven virtualized environment, in turn de-emphasizing the network and the need for expensive networking hardware.

It is interesting how strong a resemblance the hyperconvergence trend bears to Google’s data center innovations from Reflection 2.  In Reflection 2, I pondered why Cisco (or others like them) hadn’t beaten Google to the punch with such software-driven data center innovations.  One of my speculations was that it might be too disruptive to their lucrative market.  I find it interesting that hyperconvergence, with its emphasis on virtualized storage and compute environments and its de-emphasis on networking, seems to support that speculation.  There should be no need for the networking giants to worry, though, as I’m sure the Internet holds plenty of opportunities for growth.