In 2004 I was talking about a new model for client computing; this depended on a change in the security perimeter around the endpoint computer. At that point in time companies had got used to hiding behind a firewall, with everything outside being a threat. Everything inside was, of course, considered to be safe.
I argued that the changing attitudes to technology in the younger generations would mean this could not stay the same. People wanted more flexible computing, similar to their home computing experience. Not only that, this kind of experience was becoming available to people on mobile devices; Windows Mobile was showing that computing could be done independently of the office machinery. I could see that this would spill over into a new computing paradigm, and I highlighted the Windows tablet as the thing that would make this happen.
Well, things did not go as I hoped with the Windows tablet, thanks in part to the emergence of the "Convertible" tablet preventing a Windows version of the iPad emerging. However, the iPhone did emerge, and it was followed by its bigger brother the iPad, which spawned a myriad of other devices, even proper Windows tablets. Along with this has come the "new" concept of BYOC, bring your own computer. Finally the rest of the world has caught up.
Sadly, the software that I was looking for nearly 10 years ago has not emerged. This would have protected any data, wherever it was stored, from access by anyone who did not have permission to see it. Instead we have the much more blunt and ineffective tool of whole disk encryption. This is not nearly good enough to ensure security, as it does not focus the user on the value of their data but instead gives them the illusion of protection by a technological silver bullet. It will work well right up to the point that the password is breached, at which point it divulges everything. That means the encrypted device in a bag with a password reminder, or worse, one that has the username and password written on the lid (don't laugh, I've seen this!), is as vulnerable as if it was not encrypted at all.
Companies are aware of this, but right now it is considered the thing to do, and it gets the data commissioner off your back. Is this good enough for the future of computing? I do not believe so, but I also believe that locked-down computing is a thing of the past and BYOC is inevitable. Cloud computing can offer some solutions here, but without ubiquitous high-speed communications it cannot provide a solution without caching data on the local device.
When it comes down to it, though, even cloud computing cannot be sure that the person accessing the data is indeed the person who should be. Before any of this can be truly effective, a true, incontrovertible single identity to use for authentication will be necessary. Achieving this is the real first step into the new world of computing.