Anthony Caputo

Head in The Cloud

Blog Post created by Anthony Caputo on Jan 31, 2016

Whether we like it or not, or understand it or not, it’s become clear to me that the next step in our technology evolutionary path is the assimilation into the “Cloud.” It’s not a new idea, but as we have more and more everyday devices connected to the Internet (The Internet of Things), we find the need to include steadfast 24/7/365 cyber security resources to protect our data, and accessibility with the accountability that many organizations lack, which is the most attractive aspect of “the Cloud”.

cloud.jpg


For me, it started back in 2000, when I wrote my book Build Your Own Server for McGraw-Hill. During that writing process I decided to do an experiment, which I detailed in the book. I built a Windows 2000 Server, a Red Hat 7.1 Server and an Apple OS 8.6 server and I plugged them all into my cable modem. This was pre-Service Pack 1 for Windows 2000 Server, which plugged up a hole in the operating system (something about including the Anonymous login into the Everyone group), and so, after about 90 minutes, the Windows 2000 Server started beeping, whistling and automatically shut down. At first, I didn’t know what had happened because I didn’t anticipate a cyber-intrusion within 90 minutes. I wasn’t able to boot the system up again. I reinstalled the operating system and unplugged it from the Internet.


The Red Hat 7.1 server hosted one of my websites at the time, using dynamic DNS. It lasted seven days before it crashed. The Apple OS 8.6 lasted about two years, hosting my web sites, but the SMTP server was then hijacked for email spam. Within the two years, I worked diligently on locking down my Windows 2000 Server, which I wanted to use as a web server, application server and FTP server. I introduced a small business router to block unused ports, configured local and remote access security policies, tried to stay up to date on security patches, updates, anti-virus updates, created more complex passwords, but it finally became clear to me that the management, and maintenance of a live server was a full time job. Invariably, someway, somehow, some ankle biter or computer farm found the latest vulnerability and hijacked the machine for personal use, present some flag of defiance, or simply crashed it; because they could.


I decided, since I already had a full-time job, it was time to find a hosting service. I needed more than just web pages from templates. I needed a secured, managed operating system that could provide me with a easy to use control panel for various web-based applications and statistical information. Still use them to this day, and they provide me with the hardware, bandwidth, operating system and applications I need to host as many websites and web-based applications as required, using as many domain names as I want – I just have to pay a monthly or annual fee. I can honestly say, after over a decade, the service has been well worth it. I’ve delegated the task of fighting the forever war in cyberspace to their cyber security agents – human, hardware and software. They fight the good fight.


In 2010, Elsevier, my publisher of Digital Video Surveillance and Security suggested I create a Blog to promote my book. This was a challenge as most of my projects are centered around sophisticated public safety and homeland security technologies and well – it’s not the kind of subject that should be posted freely on the internet for everyone to absorb and share. However, it’s the 21st Century and its now also the author’s responsibility to market his works, in hopes that at least one out of ten people will actually pay for a copy, rather than download it for free. Yes, even writers have succumbed to the “Power of the Network.”


I seem to recall that as an option on my hosted services, there was Word Press – a popular blogging application that could be installed onto my website at no additional charge. I only knew about Word Press because my son had previously started a music blog on his website I hosted for him and it had some impressive templates and features. And so, I delved into blogging, with vague fluff pieces and technical observations.


I never anticipated my book becoming as successful as it’s become. The first clue was the 25+ reviews on Amazon for the first edition. My Build Your Own Server book, and even a competing book received only less than a handful. The second clue was the 35,000 hits on the Blog every month, but the final clue was when my publisher asked me to write a second edition.


Meanwhile, I started experiencing issues with Word Press. I tried to stay on top of the installation of security updates, added plug-ins that were supposed to protect the application, but those plug-ins also needed updates and security patches. I remember missing one update by two days and it was too late. Even though I disabled commenting, there were dozens of spam comments waiting to be approved for posting and the blog was down.


I had since shut off all interaction, so no one was capable of subscribing, commenting or reviewing. It was just an information portal with no interaction because I didn’t have the time nor couldn’t I stop the invasion. I read lengthy documentation on how to protect it; to lock it down, but it became more of an effort that trying to find a muse to post brilliant insight for readers. It seemed to just get hacked every two weeks.


I decided to go deep into the coded files and attempt a different approach. I did research on the specific files that were mostly targeted and changed them to read-only. Of course, this stopped me from even logging in, unless I reverted the files back to execute, but I had had enough. It got to the point that the more effort I put into the protection; the more creative and aggressive the attacks, until finally I just moved what was left of the Blog to Blogger.com. Blogger.com, who like my hosting services company, also has full time cyber security agents. Unfortunately, at that point, I lost all interest. Nothing like troubleshooting technology to scare a muse away.


Cloud computing is defined as the practice of using the Internet to store, manage, and process data, rather than using a local hardware and software. It separates the hardware, from the operating system from the applications. Obviously, not a new idea, as I continue to succumb to its allure for my own personal lucidity. The migration into more and more web-based applications, the continued exponential speed of processing power, and the growing “Internet of Things” continues to elevate the complexity and sheer girth of 24/7/365 maintainability and support. I’m incline to agree with Lev Grossman of TIME magazine, who in his commentary about the Sony Pictures hack states that corporation data breaches happen all the time (whether we know it or not), and as networks get more complex, the harder they will be to defend, “to the point where there’s no such thing as an impenetrable system.” Even if you can achieve 99% up-time, that’s still seven hours of downtime a month, or three and a half days per year.


The Internet of Things is the objects or devices connected, and the communications network where they can all connect, and the computing platforms that ingest the data flowing between all things. There are about 26 billion devices , with a global economic value of $1.9 trillion by 2020 and $9 trillion in annual sales by 2020 (source: IDC). This kind of growth requires more than an I.T. department for the escalating cyberwar, or even a team of cyber security agents (human, hardware and software), which automates processes for defense. When going to war, everyone needs an army. An army of cyber security agents that include global (24/7/365)human resources who are foxhole thinkers, visionaries and programmers, and their analytical software counterparts, which can work in computer speed and process suspected threats and breaches in nanoseconds, and automate the defense strategy immediately.


A full security analysis must be considered when evaluating porting mission critical applications to the Cloud Computing Stack of Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS). I’m not talking about “OoooOooo, it’s the Internet, and it’s not secure.” That’s irrelevant because everything is now connected to the Internet. That’s where the risk is high. It’s the Cloud infrastructure within that reduces that risk. We need the Cloud. It’s reasonable to be cautious about deploying mission critical applications into The Cloud, but do you really believe you or your organization has the human, hardware and analytical software resources (like the impressive Hitachi Live Insight for IT Operations) for the ever-growing cyberwar?


I had thought my insignificant servers were immune to the advances of cyber pirating over a decade ago. That was not the case. I also believed that my sad Blog application was insignificant in the cyberwar battlefield a few years ago. That was also not the case. I’m sure Sony Pictures believed they were immune or protected, but the fact of the matter is we’ve been daydreaming of the ubiquitous interconnected broadband network for decades and now we have it.


Be careful what you wish for.

Outcomes