Today's top stories

How a decentralized cloud model may increase security, privacy

A new cloud model can support scalable applications while retaining safeguards of a decentralized, trust-minimized ecosystem.

Whether it’s Amazon Web Services (AWS), Dropbox, Citrix, Microsoft or Google, all cloud storage vendors use the same basic principle — they all sync and copy to a centralized cloud server cluster via the internet. Millions of users and their devices every second connect to these central cloud clusters to store and access files that are associated with their online accounts.

The cloud has been one of the greatest success stories of my generation, but a centralized server architecture has its shortcomings.

Loss of control

The dependence on remote, cloud-based infrastructure means taking on the risks of outsourcing everything. Even though most cloud computing platforms implement best of breed security practices, storing sensitive data and important files on servers belonging to external service providers presents its own set of risks. For example, most service providers take back-ups for off-line availability, creating multiple copies of files in various servers across geographies and leading to a broader threat surface.

And, though not the fault of the cloud provider, server misconfigurations leading to data leaks have become so common that they hardly make headlines anymore. One recent such example is the leak of a Dow Jones Watchlist Database, containing identities of government officials.

Privacy can also be a disadvantage for the cloud. Information on a public cloud can be legally and secretly accessed and exfiltrated by the provider, law enforcement agencies and in some cases foreign powers. The passing of the CLOUD Act last year obligates cloud providers like Amazon, Google and others to submit evidence to law enforcement should they be served a warrant -- even if the evidence is stored in another country or server.

Regulations like GDPR, HIPAA, SOX etc., may also become a hurdle because the actual compliance and management resides outside of your control.

Unexpected expenses

Adopting the cloud’s pay-as-you-go model can be flexible and may seem to lower hardware costs. But if you calculate the overall price tag in the long run it can turn out to be expensive. Constant syncing of all users and their devices to the cloud can also lead to increased bandwidth overhead.

Vendor lock-in can also be another disadvantage for cloud computing. Switching between cloud platforms can lead to configuration complexities, additional costs and downtime. Compromises made during the migration process can lead to security and privacy vulnerabilities.

Single point of failure

A recent configuration error on Google cloud servers disrupted services for up to four and a half hours and affected huge brands like Snapchat, Vimeo, Shopify, Discord, and Pokemon GO. Since cloud computing services are internet based, service outages can happen anytime and can occur for any reason and you have very little control over the whole situation. If a central controller is compromised, your data could be compromised as well.

Decentralizing the cloud

Although the existing cloud model is hugely successful, an upcoming generation of platforms plan to overcome some of the challenges cited above by focusing on decentralizing the cloud infrastructure with AI and blockchain. This new cloud model can support scalable applications while retaining safeguards of a decentralized, trust-minimized ecosystem.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!