This was the recent title on an article published on Fox Business.* According to the article, Tom Bossert, Trumps point person on cyberterrorism, will launch the government’s platform to the cloud into “high gear.” When the cloud term first hit the IT industry, I thought it was a clever way to describe software as a service or SAAS. Salesforce.com was the first company to really monetize the concept successfully. Then cloud morphed into the ability to get resources when you need it without paying for the infrastructure. Amazon curiously entered into this space and allowed developers to test their applications and web sites on as many resources as they could afford. Companies could anticipate how much resources they would need if lightening struck. We call it the “Oprah Effect.” I’m sure someone else coined the phrase and I would give them the credit but I simply don’t know who it was. The “Oprah Effect” was if you had a client who got booked on the “Oprah Winfrey Show,” most likely the next day your client’s web site would surge in traffic sometimes crashing the server itself. With Amazon cloud services or others you could test how much traffic your site could take before it failed. Or you could create a fail-over to Amazon, it which their servers would handle the increase in resource requirements. Then the term cloud was thrown around as using someone else’s data center. If you used another company’s data center, it became a “public” cloud. If you build your own data center, it became a “private cloud.” So this leads me to where we are today. I don’t think the term cloud has any real meaning anymore. The marketing departments have created so much confusion that you really have to ask what they mean by the term cloud.
In Bossert’s statement, it appears that he is attempting to centralize all federal information into one huge cloud or data center. Although there are advantages to this approach, you can centralize all operations, patch management, cost savings. There are also disadvantages, you now give adversaries one main target to approach. If a hacker gets access to one system, they could theoretically access multiple other information data bases. In my opinion, it sounds more like a sound bite than a real strategy. To consolidate most of the federal systems under one cloud would be a huge undertaking. The complexity of which would take decades to complete. Frankly, they don’t even know where all their data centers are physically are located.** And that is just at the Federal level. Add in State, County and City data centers, it would an insurmountable task.
So maybe instead of planting a sound bite that moving to the cloud would have prevented the WannaCry attack maybe start with keeping your OS current. The vast majority of people infected were individuals running Windows 7 or Windows XP. In tech terms, that is extremely dangerous in today’s security environment. Or maybe I’m wrong.