SelecTViews: The SQL Server Show
with Stephen Wynkoop
Cloud security – what SPECIFIC steps can you start taking to assure success? Gazzang also on the show today, along with our Facebook question and upcoming events!
Reader Responses: Timeshare – The Old Cloud
One thing that is clear is that the Timeshare of yesteryear and the Cloud of today, although very similar, do not have the same level of complexity.
Today’s cloud has a distributed security model rather than a centralized management in a single operating system.
Historically you worked with a single operating system sharing at most a cluster…but generally on similar hardware/software from a single vendor.
Today security is most often implemented on different hardware, using different operating systems, performing discrete functions on behalf of other systems. With firewalls, routers and bridges, servers and clients all running on different platforms, there are more pieces that have to work together, and that are potential targets for attack.
Access points to shared systems historically were restricted to un-published phone numbers and early phases of the internet.
Today the Cloud is capable of being exposed to the entire world wide web rather than a limited number of access points.
However, there are processes and policies that were developed, and sometimes implemented in application and even operating system software, restricting people to “Their” view of the world. That is my area of interest.
Martin says:
Like you I was using timesharing in the late seventies/early eighties, principally in-house using IBM’s TSO and commercially using IP Sharp (wonder what happened to them) which if memory serves was based on APL, so probably on top of TSO. I’ll see if I can dig out one of my IBM tech references from the period (yeah, I know, how sad is that) to see what they have to say about security.
Steve Writes:
One of the largest challenges with securing the cloud was not a problem in the past – Security was between paying customers generally speaking, the “firewall” was the dial up phone number and any login/password. Once you were “in” the system you were assumed not to be there to breach security – you were there to work. Sure, there were bad people on the systems, but although laws weren’t caught up to the times the people could be prosecuted since they were generally a local phone call / local jurisdiction.
Today we have the entire world attacking “the cloud”, with no international enforcement that is done, especially on smaller incidents. We have hackers everywhere in the world, they can be mobile and stealing an open wifi connection – the security context is MUCH different than yesteryear.
Although I’m sure this isn’t exactly what you are looking for, I feel it’s the main point of old security versus today’s security – Even if we only go back 15 years to the day of server scripting, the concern was other customers’ CGI scripts, NOT hackers.
These are great comments. We clearly need to learn from the past to protect our future. The problems are really that different. What is new is escalation of possible avenues for our systems to be breached. While we can rely on vendors to provide appropriate security measures, they do little for us if not implemented. That is the crux of the issue for me. What is the mindset, policy, practice of the professional who maintains the keys to your business assets?
Got a thought, comment, or even a disagreement? Great. Send me a note to btaylor@sswug.org.
Cheers,
Ben
Featured Article(s)
Database Archiving and Auditing Can Minimize the Potential of a Data Breach (Part 1)
Given how costly data breaches can be, taking steps to avoid them makes sense. The proper response is to implement a comprehensive data protection plan that includes database security, authorization, encryption, auditing and backup. But, you should also consider the benefits that can accrue by adopting a comprehensive database archiving strategy for your data.