Users’ trust in cloud systems is
undermined by the lack of transparency
in existing security policies.
BY MIHIR NANAVATI, PATRICK COLP,
BILL AIELLO, AND ANDREW WARFIELD
“Doesn’t matter,” says Andrea. “The
bonus more than covers it, and we’ll
still come out ahead. There’s a lot of
money on the table.”
“What about power? Cooling? And
how soon can we get our hands on the
machines? It’s Friday. Let’s not lose the
“Actually,” says Andrea, “Why don’t
we just rent the machines through the
cloud? We’d have things up and run-
ning in a couple of hours.”
“Good idea! Get Sam on it, and I’ll
run it by security.”
An hour and hundreds of clicks lat-
er, Transmogrifica has more than 100
nodes across North America, each cost-
ing less than a dollar per hour. Teams
are already busy setting up their soft-
ware stack, awaiting a green light to
start work with live data.
Cloud computing has fundamentally changed the way people view computing resources; rather than being an
important capital consideration, they
can be treated as a utility, like power
and water, to be tapped as needed.
Offloading computation to large, centralized providers gives users the flexibility to scale available resources with
changing demands, while economies
of scale allow operators to provide
required infrastructure at lower cost
than most individual users hosting
their own servers.
The benefits of such “utilification”
extend well beyond the cost of underlying infrastructure; cloud providers can
afford dedicated security and reliability teams with expertise far beyond the
reach of an average enterprise. From a
security perspective, providers can also
FRIDAY, 15: 21. Transmogrifica headquarters, Palo Alto…
Two people are seated in the boardroom.
News has just come in that Transmogrifica has won
a major contract from Petrolica to model oil and gas
reserves in Gulf of Mexico. Hefty bonuses are on offer
if the work is completed ahead of schedule.
“Let’s order 150 machines right away to speed things
along,” says Andrea.
“Too expensive,” says Robin. “And what will we do
with all the machines when we’re done? We’ll be over-
“Utilification” of computing delivers
benefits in terms of cost, availability,
and management overhead.
Shared infrastructure opens questions as
to the best defenses to use against new
and poorly understood attack vectors.
Lack of transparency concerning
cloud providers’ security efforts and
governmental surveillance programs
complicates reasoning about security.