Google et al, yes but the stuff with the NSA is overblown. NSA does have visibility into things that would and has surprised most Americans but sorry, its not nearly the b.s. that Snowden is trying to get people to believe. He's feeding the anti-government crowd and what is getting missed is corporations many times are too buddy-buddy with the government because they are looking for that 1st pass for when they do something horrible. There needs to be clearer protections in place so that companies can only be compelled to turn over user data when there is a known target acting or will eminently act. I'm also seeing more by large organization to purge data more frequently so that they can say that they don't have anything to turn over.
Another problem is that the term "cloud" has made people stop thinking as well. There are public hosting company's (i.e. Google), private hosting company's (i.e. Rackspace) and private hosting or simply remote access (i.e. a company's or person's ability to access their own data outside the corporate space). The rise of the former two are the result of post tech-bubble mechanics. We regressed back to having non-technical people to in position of power or at the top businesses again- a return to 1970's MBA logic. To be blunt, what that means is employees are expendable in the big picture. I should always be able to find someone to do your job... not my job though... I'm a manager and the company needs me. Instead of bringing the skills in house to build out the necessary corporate infrastructure, to satisfy MBA logic, which also cuts opex, you outsource the need. In typical fashion however, these technically illiterate people did not ask the question if outsourcing made sense over the long term. The honest answer, which they would get if they asked the right people is, "it depends on the situation". That answer doesn't fit another post tech-bubble problem, seeking 1 solution to fit everything. You can thank Microsoft for that one.
Now people are surprised by all the security breaches. I'm not. This is exactly what was is supposed to happen. How is a company that has so much data NOT going to be a target? There is a basic denial or ignorance of the criminal minded. Furthermore, people don't understand is that security, like programming, is a technical art. The problem is technical art gets managers nervous- suddenly, you can't just be replaced. They don't understand enough so they want an "industry standard" with very little deviation so that any one can do your job. If you think about that, we're talking about a lowest common denominator approach which leads to a higher likelihood you will get compromised. Smarter organizations would hire more people capable of this technical art (and assign management duties to the most senior and knowledgeable person) but that is too much like right.
I will say that I've had more clients in last couple of years, especially smaller organizations, ask about encryption services. Every at this point at least asks about the methodology we use to hand their data. I've even been asked about data obfuscation. Data fingerprinting and authenticity are things I'm also trying to promote now. So you're right, all these things are achievable and have been achievable for some time. The issue at hand is how to properly implement "security artistry". The good news is that this will happen. Organizations that continue to stick to the old paradigm won't last. This particular component of FOSS I think is going to explode because we have very mature encryption tech and work within an ecosystem that allows us develop security solutions based on need and not name.
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
From: "Paul Walker" <email@example.com>
To: "Philadelphia Linux User's Group Discussion List" <firstname.lastname@example.org>
Sent: Saturday, October 25, 2014 9:20:14 AM
Subject: Re: [PLUG] Spark Core (corrected)
Something I've been thinking about a lot lately, in general terms. It seems like handing all of our data over to these giant entities (Apple, Google, NSA, etc) is a bad idea. The shift in paradigm from an internet that empowers and connects, to one that monitors and controls, is palpable.
I would love to see more "cloud"-based platforms that offered the following:
Default anonymity (data is anonymized on storage and never connected with a user's identity)
Default encryption (data is encrypted from client to server and ever after)
Distributed models (peer based solutions for hosting and storage)
All of these things seem technically achievable, but it's perhaps not obvious where the incentive lies for entities providing the technical infrastructure (development, support, hosting, etc) and so the onus is placed on the user, the majority of whom lack the technical skill / time / patience etc to craft or implement alternatives (to google docs, or dropbox, for instance) so we are stuck with the monolithic model.
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug