When I went to BruCON recently, one of my favourite presentations was ‘Project Skylab 1.0: helping you get your cloud on’ from Craig Balding.
The full presentation slides can be found here: http://www.feedsite.org/security4all/BruCON_2010_skylabv2.pdf
The thing that I mostly liked about this talk, among with the other great ones, was the fact it really got me thinking and that I had ideas flying through my head as the talk was still being done.
I have always been very skeptical of so called ‘Cloud Computing’.
This is due to the way it is used by companies and within the media, when they use it as such a general term that is trending at the moment. And it is used in such ways that if you add that it is ‘in the cloud’ the your product must be undeniably amazing.
I have also been skeptical of it due to the fact that when using these services, you are expected to just trust the company you are using, when they don’t really give any indication that they are trustworthy, apart from them perhaps having a well known name – and just because your company name is amazon, or Google, does this mean that I should trust you more with my data than a random stranger in the street I’ve never met before?
But as Craig pointed out, there are 3 layers in the cloud services model (which I didn’t realise):
Software as a service (Saas) – which is the basic one that everybody has heard of,
Platform as a service, and the last layer (which I hadn’t heard of),
Infrastructure as a service.
Now I found this last service really interesting, mostly as he was using examples that could relate to specifically to the security industry, but it was also the service that had me thinking about the possibilities and real advantages that cloud computing could have to me specifically. This is another reason I had never really cared much hearing about cloud computing, as I had never really thought of any great advantages that I could have testing, or exploiting.
I’m not going to go into great detail of what Craig discussed in his presentation, as (even just for the cool slides) you should check them out for yourself (link at top). But an example that I specifically remember is the idea of being able to use infrastructure as a service easily for password cracking, as you could use VMs on demand, distributing the cracking over the many VMs, and if you wanted it quicker, you could just pay to use more VMs.
At last I’ve found a reason to actually really look forward to cloud computing, and this also doesn’t have as many security concerns, (for me at least, which after all would be my main concern when using cloud computing) as most uses would be on an on-demand basis, so the data used probably wouldn’t be that important, as I wouldn’t be expecting to keep it. And if there was, you could always build a personal server for cloud use of important data.
In the end it was a good presentation, that really got me thinking, which is probably why I enjoyed it so much. And I advise you to check it out yourself.
The video of the presentation should be available shortly through the BruCON website http://2010.brucon.org/