Cloud Computing Thoughts

Page 1 of 4 (79 items) 1 2 3 4 Next >
This post has 78 Replies | 1 Follower

Posts 521
Russ White | Forum Activity | Posted: Tue, Jun 1 2010 5:19 AM

An article from Network World:

==

"In almost all cases if you have a IaaS or PaaS service then you should be encrypting your data at rest. Be sure the Key server is not also stored in the cloud service as this would defeat the purpose. Have the key server be at your corporate site or some other site not related to the cloud provider. Why should your data you ask? Well, in a nut shell when you move data the question of "Is it still just your data" becomes a very real one.

Cloud providers are subject to law enforcement subpoenas, surveillance and data seizure activities that you wouldn't normally be subjected to in your own Datacenter. Loss of 4th amendment rights for US companies are also at issue. By moving data to a cloud service you may be decreasing your protection from search of your data by law enforcement and civil plaintiffs? A warrant with a gag order mean that’s that your cloud provider must provide your data without notifying you they did so. Ability to protest a warrant is also compromised because the warrant is issued to the provider not your business. There is no legal obligation for the cloud provider to inform their customers that data was given because of a court order, etc.

In one case the FBI seized assets the physical assets/servers from a co-location provider. Over 50 innocent companies were shutdown in the process because their data was intermingled with the FBI target. Read more here FBI raids Data Center . When one of the affected companies tried to sue the texas court ruled that the FBI had the right to do this."

==

"Cloud services do not lend themselves well to the methodical collection of digital forensics. If you do have a security breach, digital forensics become critical to finding out how extensive the breach was. Several state and local governments now have "breach notification" laws on the books. In addition the healthcare hi-tech law and PCI require you to notifiy customers of a breach. The notification methods sometimes vary based on the size of the breach. Be sure your contract provides you with the necessary forensics capabilities you'll need. Chain of custody is also an issue. Be sure your provider will not hamper your ability to prosecute criminals. Ask them about how they handle log and other important data."

==

"An often-overlooked issue is how cloud providers deal with the protection of your data during and after a natural disaster. For example, if a hurricane hits their datacenter and rips it apart what are their procedures for keeping your data secure. In many cases the physical access controls will be rendered inoperable by the storm and worst case servers could be strewn throughout the site. They need to show you a comprehensive plan for securing the site and your data during the clean up effort. You don't want volunteers picking up the pieces."

==

http://www.networkworld.com/community/node/61877

Just some things to think about for those who think I'm being a ninny about security in this whole "move to cloud" game. IMHO, cloud will be another option in the mix--it won't "take over the world." People are getting more concerned about their privacy, not less. For instance, see:

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/05/30/BUPP1DL6DN.DTL

http://www.washingtonpost.com/wp-dyn/content/article/2010/05/28/AR2010052804853.html?hpid=topnews

(removed a section here, because of corrections to the second article above)

Of course the answer will be, "just don't put your data in there in the first place," as it always is. But then I'll say what I've always said--that's not a realistic answer. The realistic answer is--put your data in there, and I'll let you keep it where you want it, rather than where I want it.

:-)

Russ

Posts 232
AndyTheGreek | Forum Activity | Replied: Tue, Jun 1 2010 6:19 AM

Here's an interesting presentation by a Law Firm concerning Cloud Computing:

http://www.secureit.com/resources/Cloud%20Computing%20Mills%20Nixon%20Peabody%205-09.pdf

I have no objection to using Clouds per se. I may choose to set up, say, an EverNote account or a Google Mail account, which puts my data on the net. But I chose to do that.

Logos4 should both offer the choice and explain the risks involved.

Posts 691
Frank Sauer | Forum Activity | Replied: Tue, Jun 1 2010 6:34 AM

Choice is the key. There is a lot of personal information that can be in prayer lists, notes, etc... While I think that the concept is meant to be beneficial, there are very serious concerns with the privacy of the cloud...

I have heard two sides most frequent; first is basically who wants to hack a Bible software server and second don't put personal information on it; well both are pretty pathetic excuse to just fall in line and accept a problem.

First, a Bible software server with personal information and prayer lists on it, could very well be a prime target especially for political warfare... Politics have lead to breaking into offices and hacking email accounts, think a prayer list that can have very damaging information won't be a prime target.

Secomd if we don't use the feature, why have it available or why purchase the software if that is the argument. Just as there is a hidden option to set an update channel, there should be the same for what transfers through the cloud...

I know the argument is it saves Logos a lot of resources, both time and money... However if by some horrible occurence privacy is violated in such a way, lawsuits are much more costly and time consuming, even if they are won... The name damage alone would have potential buyers scared away...

Posts 11433
DMB | Forum Activity | Replied: Tue, Jun 1 2010 6:34 AM

I don't think you're a ninny. A good reason to have a 'forum' is just that; a means of discussing various issues and their perceived significance. When I chose to reply to this message, on my browser (Opera), I quickly moused up and enabled cookies and javascript and did a refresh to pick up the Logos-sign in cookie. I run as light as possible (cookies/scripts/plugins off)  and for years had no trouble with junk email etc. When I install software, and the software wants an internet connect or 'act as a server', the answer is always 'no' unless I know why. I don't accept software developers' assumption of 'owning' my PC as a tradeoff for using their software. To me, that's like inviting a salesman over to see his wares, and him dirtying up my carpet (saying it's part of 'the deal'). Poor courtesy is poor courtesy and life is too short. That's why periodically Logos raises my eyebrows a bit. But as Dan recommended, I keep Logos' internet connect turned off, update every now and then, and am pleased as punch with Bible study and Logos. But I AM curious why Logos likes to know about people's prayer lists. Now that is a bit strange.

 

 

"God will save his fallen angels and their broken wings He'll mend."

Posts 691
Frank Sauer | Forum Activity | Replied: Tue, Jun 1 2010 6:39 AM

Also forgot one common rant for all the emphasis and protect the cloud talk that goes on.... Why not make the cloud truly useful... Since the all knowing cloud has our license information, why is it that I have to search cds/dvds for resources not on the server when I did a fresh install after cleaning my HDD? I still have to spend the time to find out what 11 resources are missing from my laptop that I have on my desktop... You'd think the cloud would be able to have a report that you can pull telling us what resources are missing....

Posts 4508
Robert Pavich | Forum Activity | Replied: Tue, Jun 1 2010 6:45 AM

Frank Sauer:

I have heard two sides most frequent; first is basically who wants to hack a Bible software server and second don't put personal information on it; well both are pretty pathetic excuse to just fall in line and accept a problem.

Frank, you may characterize personal responsibility as "a pathetic excuse" but Logos has said since the beginning....don't store personal info in your notes if you aren't comfortable...it's just bible notes and not the level of security intended for things like bank transactions.

Do you email your bank card number and your pin to people?

If not, why not? Could it be because you know the security limitations of email and are taking some "personal responsibility"?

Personal responsibility is not a "pathetic excuse."

 

Sorry...

Robert Pavich

For help go to the Wiki: http://wiki.logos.com/Table_of_Contents__

Posts 4508
Robert Pavich | Forum Activity | Replied: Tue, Jun 1 2010 6:46 AM

Frank Sauer:
Since the all knowing cloud has our license information, why is it that I have to search cds/dvds for resources not on the server when I did a fresh install after cleaning my HDD?

I've reformatted 50 times since the beta cycle started and not once have I had to do that. All came from the cloud just fine.

Robert Pavich

For help go to the Wiki: http://wiki.logos.com/Table_of_Contents__

Posts 232
AndyTheGreek | Forum Activity | Replied: Tue, Jun 1 2010 6:52 AM

DeniseBarnhart:

I don't think you're a ninny. A good reason to have a 'forum' is just that; a means of discussing various issues and their perceived significance. When I chose to reply to this message, on my browser (Opera), I quickly moused up and enabled cookies and javascript and did a refresh to pick up the Logos-sign in cookie. I run as light as possible (cookies/scripts/plugins off)  and for years had no trouble with junk email etc. When I install software, and the software wants an internet connect or 'act as a server', the answer is always 'no' unless I know why. I don't accept software developers' assumption of 'owning' my PC as a tradeoff for using their software. To me, that's like inviting a salesman over to see his wares, and him dirtying up my carpet (saying it's part of 'the deal'). Poor courtesy is poor courtesy and life is too short. That's why periodically Logos raises my eyebrows a bit. But as Dan recommended, I keep Logos' internet connect turned off, update every now and then, and am pleased as punch with Bible study and Logos. But I AM curious why Logos likes to know about people's prayer lists. Now that is a bit strange.

I don't think Logos wants to know anything about our Notes and Lists etc. They are presenting this as a service that allows me to use Logos from anywhere in the world (that can connect to the Net) and 'voila' my Notes and Lists and highlighting etc are available to me instantly. It's a noble purpose and I'm sure they have offered it sincerely.

However, I think they have also offered it naively and with too much 'innocence'. If this were a perfect world, it would be a great feature. But it's far from a perfect world and, as some of the above posts mention, Government agencies may gain access to our data with us never knowing. As Logos' cloud is actually Amazon's cloud, this risk is quite real - too real to ignore.

Of course, no-one should write slanderous or illegal notes. But personal notes and prayer lists could easily contain information that we simply want to remain private for no other reason than it's personal.

Logos needs to make this more sophisticated, provide use with choice that doesn't involve not using the software and, most important, explain upfront that using this software/feature will result in personal data being stored on someone else's servers. In fact it should seek permission to do this before switching the feature on.

Posts 232
AndyTheGreek | Forum Activity | Replied: Tue, Jun 1 2010 6:56 AM

Robert Pavich:
Frank, you may characterize personal responsibility as "a pathetic excuse" but Logos has said since the beginning....don't store personal info in your notes if you aren't comfortable...it's just bible notes and not the level of security intended for things like bank transactions.

Until I read these threads (i.e. the ones appearing over the last few weeks) I didn't realise what was happening. Where do Logos say this? During the sales process? During the installation? When turning 'Use Internet' On?

If they do provide this info in these ways, then I am mistaken and happily withdraw some of the things I have said - I must have missed it. But if it's buried in the Licence agreement or is only on the Blogs/Forum/Wiki etc then i don't think they are saying it loud enough...

Posts 8967
RIP
Matthew C Jones | Forum Activity | Replied: Tue, Jun 1 2010 7:29 AM

Russ White:
Just some things to think about for those who think I'm being a ninny about security in this whole "move to cloud" game.

Your word, not mine Big Smile In reality, the forum has worked very well for me on this issue.After very much hashing it out, my perspective has been successfully moved by Andy Bell's calm reasoning, to encourage the option of choosing a local (off-cloud) storage of personal data.

If I am about to board a 747 and notice my pilot has knocked back a row of beers Beer Beer Beer Beer Beer Beer Beer , I can choose not to board the plane, ask for the co-pilot to take charge, report the drunk pilot, or try to man the cockpit myself. If I choose the last option it will be the last option I choose. The air marshalls will not call me a "ninny" but a terrorist and deal with me harshly.

Russ White:
IMHO, cloud will be another option in the mix--it won't "take over the world." People are getting more concerned about their privacy, not less
This whole "privacy" issue is funny to me. I was raised in Japan, a country that is all about group-think. The reality of the Spiritual War Eph 6:12  being waged is masked by trivial concerns like "I wonder what AT&T, Coke or Logos are doing with my private data." Those who yell loudest for privacy are sure drawing a lot of attention to themselves. The Whack-a-Mole arcade game should teach us to duck when that hammer is coming down. The best defense against attack is to be invisible. An option for off-line (local) storage makes a lot of sense. Thanks to everybody for hashing it out for so long and to Andy Bell (Yes, that is his real name Smile) for stating it quietly enough for me to hear it.

 

Logos 7 Collectors Edition

Posts 82
James Ng | Forum Activity | Replied: Tue, Jun 1 2010 7:36 AM

If it is of concern to people, vote on the uservoice suggestion so Logos for it.

http://logos.uservoice.com/forums/42823-logos-bible-software-4/suggestions/660833-add-an-option-that-allows-a-user-not-to-upload-the?ref=title

 

Posts 691
Frank Sauer | Forum Activity | Replied: Tue, Jun 1 2010 8:35 AM

Robert Pavich:

Frank Sauer:

I have heard two sides most frequent; first is basically who wants to hack a Bible software server and second don't put personal information on it; well both are pretty pathetic excuse to just fall in line and accept a problem.

 

Frank, you may characterize personal responsibility as "a pathetic excuse" but Logos has said since the beginning....don't store personal info in your notes if you aren't comfortable...it's just bible notes and not the level of security intended for things like bank transactions.

Do you email your bank card number and your pin to people?

If not, why not? Could it be because you know the security limitations of email and are taking some "personal responsibility"?

Personal responsibility is not a "pathetic excuse."

 

Sorry...

 

Robert please don't take this the wrong way, but that is a pathetic apples to oranges comparison! Bank activity to a prayer list in a program created to track prayer??? Personal responsibility...??? Is it irresponsible of the user to want to use a program that they purchade for the full capabilities or irresponsible of the company for not allowing an opt out on specifics??? In L4 it is all or nothing. Either use L4 or not. Or either use internet function for things like study guides you create or not use them because Logos refuses to allow the end user the choice of what information is hovering in the cloud. Then the question arises if a user did not know from the beginning about the extent of the cloud, then later decides to turn the internet access off... Does any previouslycloud accepted information then get removed from the cloud??? I haven't noticed it happen when I tried turning off internet, all information still was available... So please Robert do not patronize me/those of us who has a serious concern with privacy and lack of control over it with something as ignorant as sending your bank account information through an email... Prayer Lists were supposed to have been created to be a journal record of prayer items thus we are just asking to be able to use this feature without putting potentially devastating information in a hackable cloud. Emails are not created to process bank transactions nor are they ever insinuated to be created for such use, other than by scam artists...

 Also are we asking for a lot, look around at things like Facebook and the privacy issues they are being drilled about. By no means am I comparing what Logos is doing to Facebook or Google, however it very well could fall under some laws that many are calling for to be created, which would mandate software companies/service providers allow users full choice on the who, what, when, where and whys of what is in a cloud or records or being sold... It may very well be beneficial for Logos to implement as a precaution instead of scrambling if this type of legislation gets signed into law...

 

Posts 5573
Forum MVP
Rich DeRuiter | Forum Activity | Replied: Tue, Jun 1 2010 9:14 AM

Andy Bell:
If they do provide this info in these ways, then I am mistaken and happily withdraw some of the things I have said - I must have missed it. But if it's buried in the Licence agreement or is only on the Blogs/Forum/Wiki etc then i don't think they are saying it loud enough...

Those concerned with privacy and confidentiality should always, always carefully read EULA's. Take responsibility folks. I'm not a huge privacy advocate, but I have refused software because of what an EULA said.The EULA is the primary means by which a company is bound to any legal responsibility. Not reading an EULA, is like not reading the warning label on a bottle of medicine (as a volunteer firefighter, I've seen the effects of that sending people to the emergency room.).

Logos' EULA is quite short and easy to read in comparison to most, and the section on confidential information is a heading, in large, blue, bold type. Even a cursory glance through the EULA would draw your attention to it. The fact of online data storage, is also discussed openly (no legalese, nor small print).

I found the EULA online in less than a minute by searching for it within Logos' web site.

EDIT: for some reason the forum software reduced the font size.

Oh, and here's the URL for the EULA:

http://www.logos.com/ArticleViewer/2090

For your convenience, I'll quote the relevant parts here:

First the warning to read the "warning label:"

Please note:  This is the contract that all users of Logos Bible Software must agree to in order to use the software.

CAREFULLY READ THE FOLLOWING LICENSE AGREEMENT. BY CLICKING ON THE "I ACCEPT THE TERMS OF THE LICENSE AGREEMENT" BUTTON AND CLICKING THE NEXT BUTTON, YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. THIS PRODUCT REQUIRES USER REGISTRATION AND WILL CEASE TO FUNCTION IF USER REGISTRATION IS NOT CONFIRMED. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, CLICK THE "CANCEL" BUTTON, AND, IF APPLICABLE, RETURN THIS PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.

Next the section on on line data storage (this is the entire section):

ONLINE BACKUP

 

Data you enter into the Software, including notes, settings, preferences, and documents, will be automatically backed up to Logos.com over the Internet, and downloaded to other instances of the Software logged in using your email and password. This automatic synchronization helps you access your content on multiple computers and may be used to let you use your own data online. Logos will not share your data without your permission, but may examine it programmatically for anonymous statistical purposes or in order to provide technical support.

DO NOT STORE HIGHLY CONFIDENTIAL INFORMATION IN THE SOFTWARE. The Software is designed for consumer reference and study purposes, and while we will take all precautions to protect your data, we cannot ensure the level of security you would expect from online banking or other highly secure services.

You are responsible to keep the password associated with your Logos.com login private. It is the primary means of security for data synchronized through the Software.

 

Finally the entire section on Confidentiality (as if the above weren't enough):

 

CONFIDENTIALITY

 

The Software contains trade secrets and proprietary know-how that belong to us and it is being made available to you in strict confidence. ANY USE OR DISCLOSURE OF THE SOFTWARE, OR OF ITS ALGORITHMS, PROTOCOLS OR INTERFACES, OTHER THAN IN STRICT ACCORDANCE WITH THIS LICENSE AGREEMENT, MAY BE ACTIONABLE AS A VIOLATION OF OUR TRADE SECRET RIGHTS.

 

This looks pretty easy to understand to me. If you don't like it, don't just complain, suggest change.


 

 Help links: WIKI;  Logos 6 FAQ. (Phil. 2:14, NIV)

Posts 4508
Robert Pavich | Forum Activity | Replied: Tue, Jun 1 2010 9:18 AM

Frank,

I believe the last post pretty much outlines my point...

Quoting the EULA:

DO NOT STORE HIGHLY CONFIDENTIAL INFORMATION IN THE SOFTWARE. The Software is designed for consumer reference and study purposes, and while we will take all precautions to protect your data, we cannot ensure the level of security you would expect from online banking or other highly secure services.
You are responsible to keep the password associated with your Logos.com login private. It is the primary means of security for data synchronized through the Software.

The banking comparison that you thought was so "pathetic" was Logo's....not mine.

Robert Pavich

For help go to the Wiki: http://wiki.logos.com/Table_of_Contents__

Posts 521
Russ White | Forum Activity | Replied: Tue, Jun 1 2010 9:26 AM

Frank, you may characterize personal responsibility as "a pathetic excuse" but Logos has said since the beginning....don't store personal info in your notes if you aren't comfortable...it's just bible notes and not the level of security intended for things like bank transactions.

I've always thought it rather odd to put features into a piece of software and then ask users not to use those features, or refuse to be responsible for the results of users using those features. You can't have it both ways--you can't advertise your software as having all these really neat capabilities, and then say, "but we're not responsible if you actually use them." Either don't offer the features, and risk losing the business, or take the problems created by people actually using them seriously. Either Logos needs to take responsibility, and answer the sorts of questions contained in the article to its users, or Logos needs to allow users to keep their personal data--data they've entered--off the cloud.

The sum total of the "personal responsibility" argument is this: "I expect you to be personally responsible for the information you allow to be posted to a server you have no control over, but I will not give you the tools to control the flow of that information." If it doesn't seem to make any sense, that's because it doesn't, in fact, make any sense.

:-)

Russ

Posts 521
Russ White | Forum Activity | Replied: Tue, Jun 1 2010 9:44 AM

BTW, for anyone who's concerned about, there is a feature request out on uservoice.logos.com. The more people who vote for a privacy feature, the more likely Logos is to build it. I think it's important, probably the most important thing Logos can do right now, so I've put three votes on it.

:-)

Russ

 

Posts 4508
Robert Pavich | Forum Activity | Replied: Tue, Jun 1 2010 10:10 AM

Russ White:
I've always thought it rather odd to put features into a piece of software and then ask users not to use those features, or refuse to be responsible for the results of users using those features.

Russ, my brother...that's a straw man...not accurate at all.

They never said don't use notes.

They coded a notes feature into the software and said "this is how secure it is/isn't so don't store certain types of info there"

How is that saying "don't use this feature?"

 

C'mon...this is silly (that was intended for the whole thread and not you specifically) Logos has said repeatedly that their "notes" feature is akin to "your scribbled notes in the margin of your bible" and nothing more. And as everyone can see, they've been forthright from the beginning about what level of security the notes get...

Why all the complaining? I understand the idea that notes as they currently are doesn't "match my taste and preferences"  because frankly the notes don't match what I'd like to see, but that's a matter of my own preference, not poor design or Logos not being responsive to their customers.

I've chosen to use the notes in the way that logos intended, and keep my private stuff private.

Robert Pavich

For help go to the Wiki: http://wiki.logos.com/Table_of_Contents__

Posts 82
James Ng | Forum Activity | Replied: Tue, Jun 1 2010 10:26 AM

It still sounds like they want the best of both worlds without any sort of consequence to me. That's probably overstated, but it seems to me you can't have it both ways. You can't say here's a cool feature, but I don't want you to use it to full effect. ie, Notes may be a good example. The security part that I agree with what appears to be said or indicated is that "Don't use it for Private stuff" and we're not going to provide an option at this time and oh yeah if you do, you're on your own. It just seems like circular logic to me.

That said my general opinion is that this feature is important to me and I'm fine with agreeing to disagree.

ETA: This is of interest to me personally and professionally in that I am researching the Cloud Computing market for my company and I'm not quite sure how Logos arrived to their conclusions but that's their specific business :).

Posts 1150
Anthony H | Forum Activity | Replied: Tue, Jun 1 2010 10:41 AM

I agree that personal responsibility it of paramount importance and requires the individual to be diligent and realistic about usage on any system -cloud or otherwise.

But the probability is that this issue will come to a head via Federal and State mandate, if not sooner, certainly later.

For "Logos Inc." not to keep their eyes on the "prevailing winds" (meaning potential legislation and enforcement of Federal and State privacy standard) would be fiscally irresponsible as this would require Logos to "back build" into the existing version(s) or push production to the next version to meet the "probably" imposed/enforced standards.

Right now attention is on social computing but the eventual progress and heat will be on anything "cloud".

That being said, the brunt of some of these issues may fall on the data service providers rather than solely on the shoulders of "Logos Inc." Those, shall we say, like Amazon... where I believe "our" data, in part, resides.

Nevertheless, punching holes in a "sinking ship" is not the way to drain the water out.  (Logos is NOT the sinking ship...the stance on privacy responsibility is... that is either side.)

Posts 31318
Forum MVP
MJ. Smith | Forum Activity | Replied: Tue, Jun 1 2010 12:00 PM

Matthew C Jones:
to encourage the option of choosing a local (off-cloud) storage of personal data.

Just to make sure that there is no misunderstanding - everyone's data is stored locally, all the time. It doesn't take an option to store local.

Orthodox Bishop Hilarion Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."

Page 1 of 4 (79 items) 1 2 3 4 Next > | RSS