Cloudy with a Chance of More Venture
Trust makes the world go round. Without trust, little is possible. Harry Potter author J.K. Rowling wrote, “Never trust anything that can think for itself if you can’t see where it keeps its brain.”
Quite fitting when you talk about trusting data that resides in the all-invisible cloud. The age-old argument for whether to self-host or outsource always boiled down to trust.
Cloud data is like the tree in the forest: when someone tampers with it, does anybody notice?
Of course security breaches can happen in any computing environment. Most breaches go unreported so much so that new legislation is seeking to put an end to that. But no law will stop outsider or insider threats and no bread crumbs will be left behind to track the culprits. Data and apps can be changed and you’re none the wiser for it.
Ironically, we are putting trust in cloud applications that are themselves promising things like IT governance, risk management and compliance. There are no limitations to what kinds of applications we’ll see in the cloud. The sky seems to define its limits. Consolidation is already happening, triggered last year by Citrix’s acquisition of Cloud.com for $160 million.
Private equity markets are bullish on cumulus. Forget about the euro-zone sovereign debt crisis; investors are throwing real pre-inflationary dollars into cloud-related enterprises.
Last year marked a 10-year high for venture capitalists in terms of deals and dollars: $30.6 billion was plowed into 3,051 companies, of which one-third were Internet related, says CB Insights. Online storage service Dropbox got the biggest drop at $257 million. This year is starting off just as hot. Joyent just announced an $85 million D round, bringing its total to date to about $115 million.
Other infrastructure-as-a-service (IaaS) players include RackSpace, MediaTemple, Terremark, GoGrid and VMware.
Joyent’s biggest competitor is Amazon Web Services, but to compare AWS with Joyent is like comparing a Toyota Camry (ubiquitous, serves most needs) to the Porsche Cayenne (high-end, power to spare). Or to hear it directly from its CEO David Young, “Amazon is the Kodak of the cloud…. I don’t want to dump on Amazon, but I just don’t think you can look to a book seller and grocery store for cloud innovation. On the other hand, we’re building a cloud alliance around the globe.” [http://tinyurl.com/7zumyzk]
One reason that makes Joyent so attractive to its customers and investors is that it has an answer to the big problem of trust.
It’s a relatively new solution jointly delivered by GuardTime and Joyent. Its primary task is to convert trust to proof without reliance on cryptographic keys for verification, but rather on mathematics.
GuardTime keyless signatures mathematically prove data integrity requiring only the use of the original data, the keyless signature for the signed data, and the integrity code that the company publishes in the Financial Times newspaper. With these three things, anyone can independently prove the integrity of any data signed without having to trust a third party.
This keyless signature authority integrates with Joyent SmartDataCenter, providing keyless signing services to Joyent users. It delivers auditable and forensic quality logs and proof of data integrity and residency for stored or archived data.
It’s a solution that can’t be undermined by human error or manipulated by cybercriminals or insiders.
These keyless signatures don’t eliminate or replace the regular security controls that need to be in place, but the process does prove that irregularities exist for tampered data, logs, node.js code, virtual machines, and virtual applications.
For Joyent customers, these signatures avoid messy key management and trust authorities, both of which could be compromised; even a hint of a compromise would invalidate all historical records. Key-based systems cost much more to sign the data than it does to actually store the data. Conversely, keyless signatures address the fundamental weaknesses associated with PKI and key-based security in the cloud; that is, eliminating key management and assuring proof.
- » Capital One confirms data breach, cites cloudy approach as key to swift resolution
- » Why it's time to make continuous cloud security part of your developer journey
- » The rise of Office 365 phishing scams: How one compromised account can cost millions
- » StackRox and Skybox reports warn of dire consequences if container security is not addressed
- » Skybox and Zscaler team up for stronger cloud firewall integration