Cloud Computing and Data Security

We cannot attribute the beginning of cloud computing to a particular person or time. It evolved with the evolution of the Internet and enterprise computing. We may be able to trace its roots all the way back to when Dr. Larry Roberts developed the ARPANET in 1969 (Whitman & Mattord, 2016).

While ARPANET evolved into Ethernet and then into the Internet, enterprises were discovering new ways to compute, moving from mainframes to multi-tier computing. During the early stages of enterprise computing, enterprises purchased hardware and software to host internally. Though not in the form that we see today, enterprises had an early version of cloud in the form of networked mainframe systems with dumb terminals. They then slowly began to outsource their information systems to Internet Service Providers (ISPs) and Application Service Providers (ASPs).

The concept of using computing as a utility was probably first proposed by Professor Noah Prywes of the University of Pennsylvania in the Fall of 1994 at a talk at Bell Labs. “All they need is just to plug in their terminals so that they receive IT services as a utility. They would pay anything to get rid of the headaches and costs of operating their own machines, upgrading software, and what not.” (Faynberg, Lu, & Skuler, 2016). It came to fruition when Amazon launched its limited beta test of Elastic Compute Cloud (EC2) in 2006. Meanwhile, has already mastered how to deliver an enterprise application using a simple website.

Authentication – Level of Assurance

Authentication is the process of confirming an entity’s identity based on reliable credentials. The process and the technology involved in authentication vary with the level of assurance required from the entity.

Authentication Level of Assurance can be defined as the authentication strength required for a relying party to be assured that an entity is indeed who it claims to be. As part of an effort to create a set of criteria for levels of assurance, I want to find out which assurance frameworks exist today.

United States

Most online documentation refers to the M-04-04 document published by the Office of Management and Budget at the US White House. It identifies four levels of assurance:

  • Level 1: Little or no confidence in the asserted identity’s validity.
  • Level 2: Some confidence in the asserted identity’s validity.
  • Level 3: High confidence in the asserted identity’s validity.
  • Level 4: Very high confidence in the asserted identity’s validity.


Internet Traffic Shaping in Canada

A recent Canadian Press Harris-Decima poll on internet traffic management in Canada suggests that one in five of those surveyed supports the idea as long as all users are treated fairly.

From the Internet Service Provider’s (ISP) point of view, they are doing the right thing by reducing clogs caused by peer-to-peer file sharing services during peak-use time. However, I believe that type of service comes with a cost to regular subscribers. In order to execute such a monitoring service, the ISP will need to know the activities of each and every subscriber, which breaches their privacy. The Privacy Commissioner of Canada should be involved in the discussions that the Canadian Radio-television and Telecommunications Commission (CRTC) is currently having, to ensure the privacy of Canadians.

With regard to the Canadian Press Harris-Decima survey, I am curious whether the survey ever educated the respondents on the details, especially the ramifications for the regular ISP subscriber if the ISP is allowed to shape internet traffic. According to the report by the Canadian Press, 54 per cent of the respondents did not know whether the traffic management affects them personally.

Couple this with two recent bills – the Investigative Powers for the 21st Century Act and the Technical Assistance for Law Enforcement in the 21st Century Act – just introduced before the House of Commons that will allow police to collect information about Canadian Internet users without a warrant and to activate tracking devices in their mobile devices and cars; wouldn’t it be a free pass to the privacy of every Canadian internet user?