Archived website

This online community was active in conjunction with the Digital Agenda Assembly 2012 and is now archived and available for institutional memory. You can now join the discussion at

I was recently interviewed re Cloud Computing

danielsteeves's picture
Submitted by danielsteeves on Sat, 2012-06-16 14:50

At the recent Cloud Computing World Forum at Earls Court in London, I was interviewed regarding my opinions about cloud, today.

I post it here as I was asked also about Gartner's recent statements about the EU and Cloud technology and I think I provide a sound answer .. I would appreciate any feedback overall and hope I make some sense

The link goes to my blog where I introduce the video and then just click on the picture


Group audience: 
1 user has voted.


aserocarmela's picture
Submitted by aserocarmela on Sun, 2012-06-17 00:24

Thanks a lot for your contribution Daniel. Also because the interview well combines technical and business/economic aspects. It seems that the London event produced lot of food for thought we can further elaborate at the Digital Agenda Assembly.
Comments from the Cloud group very welcome. Less than one week to the Digital Agenda Assembly, seize the opportunity to have your say. Don't be shy! :-)

0 users have voted.

Engberg's picture
Submitted by Engberg on Sun, 2012-06-17 11:08

I think you are missing the main points.

Pragmatism is one thing. As if Europe is smarter than US in just jumping on yet another hype wagon.

But in reality we have pragmatism on two levels.
First mover risktaking and igoring longterm problems.

The first is the "1.0" discussion - the second much more fundamental questioning the consequences of cloud(s) without changing security structures - cloud is "public" as you say.

The second discussions is about "digital polution" - both in terms of basic security and in terms of economy - cloud is sold on operational costs, but nobody assess the fundamental damage to market processes as such. Analogy a little like letting your uncleaned sevage straigth into the rivers.

Unless very carefully designed to ensure sustainability and controls remain outsoude cloud, cloud is a commercial attack. So is/was hosting, but cloud is scaling this into the extreme.

Companies and governments are selling out and starting with selling their customers and partners to the cloud services providers.

SLAs and regulation are NOT going to cope with the problems. There have to be more basic precaustions built-in.

0 users have voted.

danielsteeves's picture
Submitted by danielsteeves on Sun, 2012-06-17 11:54

I am speaking of a commercial pragmatism which, while clearly related to risk taking is also and has pretty much *always* been a leading edge v. bleeding edge attitude.

While very much a cultural distinction in terms of how business is practiced (and is mirrored very much in the way our EU venture capitalists invest - or do not invest - in comparison with the American VC community)

Security issues come down very much to separated discussion of private v public but should always be related to actual requirements: you get what you pay for.

As for the rest of your points you seem to agree with what I have said so I would have to say that you have missed my point: I did not start a socio-political argument about cloud merely a commercially orientated set of advice.

As for your technical views about delivery, you are not wrong but it is a matter very much the standard set of:
- buyer beware
- you get what you pay for
- read the small print before you sign

oh and by the way, while I understand that you do not know me or anything about me, a visit to my LinkedIn profile would show 30+ years architecting and designing very large scale solutions both inter- and intra- border, internationally. Again, while very much a cultural distinction in terms of how business is practiced, the US leading and EU following is neither an insult nor even a comparison: it is a practical reality that I have experienced across my career at all levels of interaction.

I didn't say that we were smarter... I simply pointed out what was what: it is easy to retrospectively select examples or success or failure from examples of history but, like any such exercise, it is easy to prove either point.

0 users have voted.

Engberg's picture
Submitted by Engberg on Sun, 2012-06-17 13:59

It may not have been clear but I agreed on your point of shortterm commercial pragmatism.

But I disagree on your take on security - it is not a one-dimensional quesion of getting what you pay for.

It is a "Heureka, the world is not flat" kind of question. Cloud is scalling rtisks to the point, where the old style
of thinking simply cannot cope. E.g. see this

The risks are bigger than the risk concentration leaading to the financial crises and with the same kind of determinism.

I would actually go as far as saying that the banking crisis can be seen as the first consequences of the old way of thnking security as it has been eroding european competitiveness. Problem was of course worsened by the political to e.g. - but non-the-less the drop in european competitiveness put pressure to create growth and - lacking other means and no economic models to help - politicians just started printing money.

We are in the middle of a state crisis - it can get even worse.

0 users have voted.

danielsteeves's picture
Submitted by danielsteeves on Sun, 2012-06-17 23:08

I see that we are agreeing about the same things but from different points of view :)

Also from the security side the juxtaposition of views is interesting: data privacy and legal requirements, compliance, cookies etc. are certainly an angle that requires consideration .. and on the flip side, from the operations perspective of the business, are fundamental business (and legal) focused security requirements ranging from protected partitioning of memory segments all the way down to dirty disk syndrome!

And of course you are right... the crisis goes beyond all of this (though at the time of writing this note the election seems to have gone the right way!) but then again crisis or no, business will go on and all of these systems need to keep delivering, as required and as expected!

0 users have voted.

Engberg's picture
Submitted by Engberg on Mon, 2012-06-18 15:05

We do not agree if you think that I am talking about policies or more complex requirement to handle these issues.

My point is there can never be security in cloud and risks are escalating out of control - so control cannot be in cloud - full stop

Just as we separate trafic lanes when cars begin to drive too fast so crashes would be dramatic, so must we separate transactions in cloud assuming everything will crash.

Recovery - from point of view of the company - should be as simple as restoring the backup and ignore the failed system - whatever the reason.

Revocation has two levels.
1) From the perspective of custuomer it should be as simple as revokating the identity and creating a new one without the unwanted attributes / new keys. As long as no external can link the new identity with any other identity of the customer and the old identity was no identified, then the customer and system are both safe - nomatter the attack scenario.

2) From the perspective of the corporate, revocation should involve revoking the ld corporate keys, creating new corporate keys and the ability to retake control of all existing customer contacts shutting an attacker out.

The worst case scenario under 2) should be that the attacker got a full copy of all cloud data and source, but are STILL not able to refer them to any real-world entity.

In other words - the only secure way to design for cloud is total distrust in cloud.

The effect, however, is that most the bureucratic red tape and barriers for sharing can be eliminated. You dont care about policies if the policy merely states, that YOU have real control - even when it fails. And EU dont care where data is stored, when control remain in the hands of citizens.

The only problem - of course - is eliminating of secondary abuse potential. Very sad as the good guys win and the bad guys loose.

Pesonal data is NOT an asset -they are a liability to all honest providers.

0 users have voted.

Engberg's picture
Submitted by Engberg on Mon, 2012-06-18 15:43

Business will not "go on" as they are not "delivering".

The present process is a negative spiral where evermore aggressive players in infrastructure are actively attacking everyone. Europe is bleeding competitiveness and jobs due to infrastructure technologies leaking their most critical data.

Companies and citizens are getting profiled from the outside and the data used to e.g. frontrunning, "stealing" customers (intermediation/commoditisizing) or managing perceptions in the interst of the market maker.

This is hurting everyone, but Europe the most

We do require a radical departure from existing trends or see markets concentrate in the hands of a few all-powerfull brokers and the interests guiding these. And of these interests, NSA armed with US Patriot Act is the least of our concerns.

These players do their outmost to appear "nice" - but reality is that they can almost do as they like - and do do so to the limit of scaring away providers.

So no - business will not "Go on" delivering - Europe is drowning as we are under attack. Business is not a friendly game, it is war with other means. If you don't win (enough), you die.

0 users have voted.

People's picture
fhardes's picture
fredriklinden's picture
keneastwood's picture
Nicholas Bentley's picture
JacintaArcadia's picture
Loankanassy's picture
Kasper Peters's picture
Kristijan Jakic's picture
lpujol's picture
Digital Agenda Assembly engagement
glqxz9283 sfy39587stf02 mnesdcuix8
glqxz9283 sfy39587stf03 mnesdcuix8
glqxz9283 sfy39587stf04 mnesdcuix8