How a decentralized cloud model may increase security, privacy

A new cloud model can support scalable applications while retaining safeguards of a decentralized, trust-minimized ecosystem.

distributed / decentralized network connections across the globe
NicoElNino / Getty Images

Whether it’s Amazon Web Services (AWS), Dropbox, Citrix, Microsoft or Google, all cloud storage vendors use the same basic principle — they all sync and copy to a centralized cloud server cluster via the internet. Millions of users and their devices every second connect to these central cloud clusters to store and access files that are associated with their online accounts.

The cloud has been one of the greatest success stories of my generation, but a centralized server architecture has its shortcomings.

Loss of control

The dependence on remote, cloud-based infrastructure means taking on the risks of outsourcing everything. Even though most cloud computing platforms implement best of breed security practices, storing sensitive data and important files on servers belonging to external service providers presents its own set of risks. For example, most service providers take back-ups for off-line availability, creating multiple copies of files in various servers across geographies and leading to a broader threat surface.

And, though not the fault of the cloud provider, server misconfigurations leading to data leaks have become so common that they hardly make headlines anymore. One recent such example is the leak of a Dow Jones Watchlist Database, containing identities of government officials.

Privacy can also be a disadvantage for the cloud. Information on a public cloud can be legally and secretly accessed and exfiltrated by the provider, law enforcement agencies and in some cases foreign powers. The passing of the CLOUD Act last year obligates cloud providers like Amazon, Google and others to submit evidence to law enforcement should they be served a warrant -- even if the evidence is stored in another country or server.

Advertisement

Regulations like GDPR, HIPAA, SOX etc., may also become a hurdle because the actual compliance and management resides outside of your control.

Unexpected expenses

Adopting the cloud’s pay-as-you-go model can be flexible and may seem to lower hardware costs. But if you calculate the overall price tag in the long run it can turn out to be expensive. Constant syncing of all users and their devices to the cloud can also lead to increased bandwidth overhead.

Vendor lock-in can also be another disadvantage for cloud computing. Switching between cloud platforms can lead to configuration complexities, additional costs and downtime. Compromises made during the migration process can lead to security and privacy vulnerabilities.

Single point of failure

A recent configuration error on Google cloud servers disrupted services for up to four and a half hours and affected huge brands like Snapchat, Vimeo, Shopify, Discord, and Pokemon GO. Since cloud computing services are internet based, service outages can happen anytime and can occur for any reason and you have very little control over the whole situation. If a central controller is compromised, your data could be compromised as well.

Decentralizing the cloud

Although the existing cloud model is hugely successful, an upcoming generation of platforms plan to overcome some of the challenges cited above by focusing on decentralizing the cloud infrastructure with AI and blockchain. This new cloud model can support scalable applications while retaining safeguards of a decentralized, trust-minimized ecosystem.

According to a study by research firm IDC, by 2020, 45% of all data generated by IoT devices will be stored, processed, and analyzed at the edge of a network or close to it. The decentralized model uses the power of edge computing – moving processes and storage to the device at the edge of the network. The central server simply acts as a switchboard that enforces policies and creates point-to-point connections between data stored at endpoints or source locations. Edge computing enables endpoints to have their own cloud functionality of remote access, sharing, streaming, collaboration and file management.

“As opposed to centralized cloud storage that requires transferring and storing duplicated files over the internet to a central datacenter located miles away, a decentralized cloud or edge computing architecture addresses the inefficiency issues of uploading, downloading and syncing subsets of data to the limited storage capacity of cloud servers,” explains Thomas Ward, VP of Qnext, a developer of on-premises edge services.

In general, a decentralized architecture may provide additional security to cloud functionality. Files can be kept locally behind a firewall in select geographic locations and access controlled to protect the privacy and secret exfiltration from third parties, law enforcement and foreign powers. Data is not duplicated to third-party servers or secondary locations, which reduces the attack surface. Since files and storage are in an organization’s control, this also accelerates compliance with other regulations.

A decentralized cloud system runs on blockchain, making security of the network far stronger than what the current infrastructure offers because it provides security via compartmentalization. Even if attackers are able to access a block of data, they cannot infiltrate it as it is only a partial file. The architecture also splits files into small portions and replicates data across distributed file systems providing redundancy via multiple nodes. If a node is hacked or brought down, other nodes continue to function, presenting a failsafe that increases cloud stability.

This change in storage models won't happen overnight. But given the volume at which data is growing and the speed at which new devices (including IoT) are being added to networks, there will be paradigm shift in cloud security strategies. And because the storage market is so large it’s conceivable that we’ll see more organizations following suit with a decentralized cloud computing approach.

“The decentralized cloud or edge computing architecture differentiates it from the centralized model used by file sync and share platforms. It improves the organization’s security posture, allows access to all storage, ensures privacy, keeps the management of organizational files under organizational control, and leverages the organization’s existing storage infrastructure,” says Ward.

Food for thought. What do you think? Let me know by writing me at michelled@towerwall.com.

Copyright © 2019 IDG Communications, Inc.

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!