• United States




How a decentralized cloud model may increase security, privacy

Jul 12, 20195 mins
Cloud SecurityData PrivacySecurity

A new cloud model can support scalable applications while retaining safeguards of a decentralized, trust-minimized ecosystem.

distributed / decentralized network connections across the globe
Credit: NicoElNino / Getty Images

Whether it’s Amazon Web Services (AWS), Dropbox, Citrix, Microsoft or Google, all cloud storage vendors use the same basic principle — they all sync and copy to a centralized cloud server cluster via the internet. Millions of users and their devices every second connect to these central cloud clusters to store and access files that are associated with their online accounts.

The cloud has been one of the greatest success stories of my generation, but a centralized server architecture has its shortcomings.

Loss of control

The dependence on remote, cloud-based infrastructure means taking on the risks of outsourcing everything. Even though most cloud computing platforms implement best of breed security practices, storing sensitive data and important files on servers belonging to external service providers presents its own set of risks. For example, most service providers take back-ups for off-line availability, creating multiple copies of files in various servers across geographies and leading to a broader threat surface.

And, though not the fault of the cloud provider, server misconfigurations leading to data leaks have become so common that they hardly make headlines anymore. One recent such example is the leak of a Dow Jones Watchlist Database, containing identities of government officials.

Privacy can also be a disadvantage for the cloud. Information on a public cloud can be legally and secretly accessed and exfiltrated by the provider, law enforcement agencies and in some cases foreign powers. The passing of the CLOUD Act last year obligates cloud providers like Amazon, Google and others to submit evidence to law enforcement should they be served a warrant — even if the evidence is stored in another country or server.

Regulations like GDPR, HIPAA, SOX etc., may also become a hurdle because the actual compliance and management resides outside of your control.

Unexpected expenses

Adopting the cloud’s pay-as-you-go model can be flexible and may seem to lower hardware costs. But if you calculate the overall price tag in the long run it can turn out to be expensive. Constant syncing of all users and their devices to the cloud can also lead to increased bandwidth overhead.

Vendor lock-in can also be another disadvantage for cloud computing. Switching between cloud platforms can lead to configuration complexities, additional costs and downtime. Compromises made during the migration process can lead to security and privacy vulnerabilities.

Single point of failure

A recent configuration error on Google cloud servers disrupted services for up to four and a half hours and affected huge brands like Snapchat, Vimeo, Shopify, Discord, and Pokemon GO. Since cloud computing services are internet based, service outages can happen anytime and can occur for any reason and you have very little control over the whole situation. If a central controller is compromised, your data could be compromised as well.

Decentralizing the cloud

Although the existing cloud model is hugely successful, an upcoming generation of platforms plan to overcome some of the challenges cited above by focusing on decentralizing the cloud infrastructure with AI and blockchain. This new cloud model can support scalable applications while retaining safeguards of a decentralized, trust-minimized ecosystem.

According to a study by research firm IDC, by 2020, 45% of all data generated by IoT devices will be stored, processed, and analyzed at the edge of a network or close to it. The decentralized model uses the power of edge computing – moving processes and storage to the device at the edge of the network. The central server simply acts as a switchboard that enforces policies and creates point-to-point connections between data stored at endpoints or source locations. Edge computing enables endpoints to have their own cloud functionality of remote access, sharing, streaming, collaboration and file management.

“As opposed to centralized cloud storage that requires transferring and storing duplicated files over the internet to a central datacenter located miles away, a decentralized cloud or edge computing architecture addresses the inefficiency issues of uploading, downloading and syncing subsets of data to the limited storage capacity of cloud servers,” explains Thomas Ward, VP of Qnext, a developer of on-premises edge services.

In general, a decentralized architecture may provide additional security to cloud functionality. Files can be kept locally behind a firewall in select geographic locations and access controlled to protect the privacy and secret exfiltration from third parties, law enforcement and foreign powers. Data is not duplicated to third-party servers or secondary locations, which reduces the attack surface. Since files and storage are in an organization’s control, this also accelerates compliance with other regulations.

A decentralized cloud system runs on blockchain, making security of the network far stronger than what the current infrastructure offers because it provides security via compartmentalization. Even if attackers are able to access a block of data, they cannot infiltrate it as it is only a partial file. The architecture also splits files into small portions and replicates data across distributed file systems providing redundancy via multiple nodes. If a node is hacked or brought down, other nodes continue to function, presenting a failsafe that increases cloud stability.

This change in storage models won’t happen overnight. But given the volume at which data is growing and the speed at which new devices (including IoT) are being added to networks, there will be paradigm shift in cloud security strategies. And because the storage market is so large it’s conceivable that we’ll see more organizations following suit with a decentralized cloud computing approach.

“The decentralized cloud or edge computing architecture differentiates it from the centralized model used by file sync and share platforms. It improves the organization’s security posture, allows access to all storage, ensures privacy, keeps the management of organizational files under organizational control, and leverages the organization’s existing storage infrastructure,” says Ward.

Food for thought. What do you think? Let me know by writing me at


Michelle Drolet is a seasoned security expert with 26 years of experience providing organizations with IT security technology services. Prior to founding Towerwall (formerly Conqwest) in 1993, she founded CDG Technologies, growing the IT consulting business from two to 17 employees in its first year. She then sold it to a public company and remained on board. Discouraged by the direction the parent company was taking, she decided to buy back her company. She re-launched the Framingham-based company as Towerwall. Her clients include Biogen Idec, Middlesex Savings Bank, PerkinElmer, Raytheon, Smith & Wesson, Covenant Healthcare and many mid-size organizations.

A community activist, she has received citations from State Senators Karen Spilka and David Magnani for her community service. Twice she has received a Cyber Citizenship award for community support and participation. She's also involved with the School-to-Career program, an intern and externship program, the Women’s Independent Network, Young Women and Minorities in Science and Technology, and Athena, a girl’s mentorship program.

Michelle is the founder of the Information Security Summit at Mass Bay Community College. Her numerous articles have appeared in Network World, Cloud Computing, Worcester Business Journal, SC Magazine, InfoSecurity,, Web Security Journal and others.

The opinions expressed in this blog are those of Michelle Drolet and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author