What does the post-Snowden internet need? A price list
Trust needed in the cloud, and the 'net-o-things, says Fujitsu boss
Fujitsu’s CTO has warned that moves to localise the internet in the wake of the NSA scandal risk fracturing the system and are ultimately unnecessary given the possibility of better cloud management.
Joseph Reger, talking to us last month at the firm’s Fujitsu Forum event, also warned of the security and privacy issues raised by the Internet of Things, and said similar management approaches could mitigate many of these.
Reger refused to comment directly on the allegations that the NSA and other intelligence organisations had tapped fibre cables, cracked encryption and built backdoors into service providers.
However, he questioned some of the responses to the allegations. These have included efforts by the Brazilian government that would lock data in country, and suggestions that there will be a local data centre boom as customers demand assurances that the US - or other countries - cannot get anywhere near their data. Deutsche Telekom has launched a supposedly NSA-proof email and mobile service.
“I think that in the current situation there will be attempts to do that kind of segregation for privacy or data security means,” said Reger. “But I also think that violates one principle of the internet - mainly that it’s worldwide.”
Efforts to wall off sections of the internet to block the NSA or other government agents could mean “[w]e will fall into small pieces that are isolated from each other.”
The Matrix: you have to see it for yourself
At the same time, said Reger, “I do see that people and companies have different needs in terms of security and privacy and protections of all kinds - and I believe that the infrastructure of the future will take that into consideration.”
Right now, he said, the cloud was largely a one-size-fits-all proposition. “We tend to use very high level concepts that don’t make any difference and cannot accommodate needs. If you sign up for a cloud service you very rarely can express wishes and requirements and needs for a particular type of load.”
Part of this was already in place, he said, as countries already had restrictions on the storage and movement of some types of data. “Health records in almost all countries of this world are under particular regulations...so it’s obvious that one should pay attention to this.”
Reger pitched this in less emotional language than some of the debate to date, referring to management and orchestration: “Recently we’ve started a research project to see what this would mean and within this research we drove a focus on a type of load scheduler and balancer that would read a formal specification of what kind of load and what kind of jobs were being put in from the cloud what kind of requirements can be listed.”
So, when handling healthcare-related data, the system could impose the highest levels of encryption and ensure it stayed in country. Other data might require similar levels of privacy, he continued, but its movement within the EU might be OK.
“It becomes a matrix if you map that against the capabilities of your services and this can be cloud services of all kinds not necessarily yours - it can be just a catalogue of cloud services that are available and that you are brokering for that particular customers.”
“The hosted services orchestrator then goes out and looks at these and decides that that particular load will run in a virtual machine of this kind and on that hardware there will be no other virtual machines it will be a dedicated hardware.”
Or not, as the case may be.
Reger said he wasn’t announcing a product, but “It’s not that hard to solve.”
And once you’re talking matrices of capabilities and services, a detailed price list isn’t far behind.
“Obviously there’s a cost function by the way that needs to be computed here. Because if there are absolutely no restrictions of any kind and no priority assigned to a job that can be executed at a lower price than a higher level...obviously that’s a more expensive service.”
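The requirements-versus-capabilities matrix and the cost function Reger describes can be sketched as a small placement broker. This is an added example, not Fujitsu's scheduler or any product's code; the catalogue entries, workload names, encryption levels and prices are constructed for illustration.

```python
from dataclasses import dataclass

# Region grouping used for residency checks (constructed for this example).
EU = {"DE", "FR", "NL", "IE"}

@dataclass(frozen=True)
class Service:              # one row of the brokered service catalogue
    name: str
    country: str
    encryption: int         # 0 = none, 1 = in transit, 2 = in transit + at rest
    dedicated: bool         # single-tenant hardware available
    price: float            # cost per hour, arbitrary units

@dataclass(frozen=True)
class Requirement:          # formal specification attached to a workload
    residency: str          # "any", "EU", or a country code
    min_encryption: int = 0
    dedicated: bool = False

def satisfies(svc, req):
    """One cell of the matrix: does this service meet this requirement?"""
    if req.residency == "EU":
        in_region = svc.country in EU
    else:
        in_region = req.residency in ("any", svc.country)
    return (in_region and svc.encryption >= req.min_encryption
            and (svc.dedicated or not req.dedicated))

def place(req, catalogue):
    """Cheapest compliant service; fail closed if nothing qualifies."""
    candidates = [s for s in catalogue if satisfies(s, req)]
    if not candidates:
        raise LookupError(f"no service satisfies {req}")
    return min(candidates, key=lambda s: s.price)

CATALOGUE = [
    Service("us-shared", "US", 1, False, 1.0),
    Service("fr-shared", "FR", 2, False, 1.8),
    Service("de-shared", "DE", 2, False, 2.0),
    Service("de-dedicated", "DE", 2, True, 5.0),
]
WORKLOADS = {
    "batch-render": Requirement("any"),
    "customer-crm": Requirement("EU", min_encryption=2),
    "health-records": Requirement("DE", min_encryption=2, dedicated=True),
}

def plan():
    return {job: place(req, CATALOGUE).name for job, req in WORKLOADS.items()}

if __name__ == "__main__":
    for job, svc in plan().items():
        print(job, "->", svc)
```

The unrestricted job lands on the cheapest service, and each added constraint narrows the candidates and raises the price; a requirement no service can meet raises an error rather than falling back to a non-compliant placement.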
Internet of EveryThing(s)
At 160kmph on the German autobahn, a "smart" linked up road is an issue
The same issues of differentiation, orchestration, load-balancing, and abstraction - as well as privacy and security - come into play when Reger talks about the Internet of Things. Not that he likes the term. Almost as little as he likes “internet of everything”.
“Cisco is putting their name tag on it so I’m not particularly interested in using it. What I think will happen is that eventually there will be no additional qualifier on it. Once we understand it and accept it, it will become the internet again.”
That understanding will in large part come through addressing those same issues of orchestration and management, argues Reger.
“There is a piece of good news here and that’s the internet of things is being built on an IT stack. It’s not separate, it doesn’t need something entirely new. The bad news is that the current IT stack does not suffice...it doesn’t scale - you’re talking about very different numbers of components here.”
He adds: “By and large it’s an IP stack and we can build on that stack and therefore existing Fujitsu research and projects and technologies that were admittedly not developed with the internet of things in mind are totally applicable.
“It turns out that the basic problem that you have to solve is not just privacy - the bigger one is actually security.”
IP-enabled lightbulbs raise security issues from the point of view of miscreants misusing your lights or working out when you’re home. Scaling up, injecting code into such devices if they are unprotected raises the prospect of a gargantuan army at the fingertips of anyone looking to launch DDoS attacks.
A more mundane issue – but one which is potentially much more catastrophic – arises when you consider that many of the “things” in this expanded internet will weigh upwards of a tonne and move at speeds of over 100mph.
“You have to authenticate connections. Take any of the impressive interesting scenarios of the future one of which is related to cars - already today something like 75 per cent of all recalls are related to firmware updates.
“Recalls are very expensive - people have to return to repair shops and garages and that sort of thing.”
Being able to update firmware in cars, or other devices, over the air has obvious appeal.
“But you don’t want somebody talking to your car whilst you’re driving [on the road] because that at 160kmph on the German autobahn is an issue,” says Reger. “So, you’ve got to establish trust in relationships between the components.
“In the PC world that’s a problem that has essentially been addressed by the trusted compute model.”
A similar model could work in the Internet of Things, he predicts, “to establish trust relationships. Who is who, who is allowed to do what and what happens if a component wants trust [as well as] how to switch it off and take it out.”
This of course will take some negotiation among the industry players, but, says Reger, discussions about standardising protocols are well underway.
“We have another technology [demonstrated at Fujitsu Forum] to organise millions of sensors in an ad hoc self-organising self-directing mesh network.
“So you can organise a couple, 10,000 sensors into a working network. That is something we submitted for this particular reason that you mentioned - that the whole industry. It’s not enough that just Fujitsu does that; we need standards.”
Reger also suggested that the Internet of Things could also do with a dose of humanity - including leaving the humans out of it where appropriate.
For example, the use of sensors for security purposes could negate the need for CCTV cameras - another technology demonstrated at the vendor’s customer event, and part of what. In this instance, by using sensors to detect movement and derive “detailed enough images and information so that you can determine movement of people in buildings movement of people in hospitals or patients moving from the bed that kind of thing.”
“The point is these are detailed images including the motion including the analytics to detect how are moving except it doesn’t give you your face. So it protects privacy... It’s based on the notion that if you do not want or need a particular type of information, do not record it, because if you want to record it, who knows what happens.”
This is all part of what Fujitsu dubs its Human Centric Intelligent Society strategy. It’s not as catchy as the Internet of Things, but at least it mentions people.
But more importantly, perhaps, Reger’s take on the cloud post-NSA, as well as IoT, also takes into account revenue and profit. And arguably it is these elements that will determine whether we do get an internet that is largely beyond the reach of snoopers, whether they’re in Washington or elsewhere. ®