Containers Expo Blog Authors: Kareen Kircher, Elizabeth White, Andreas Grabner, Rich DeFabritus, Carmen Gonzalez

Related Topics: @CloudExpo, API Journal

@CloudExpo: Article

Google-China Tiff: A Clash of Cyber Civilizations?

BriefingsDirect analysts discuss ramifications of Google-China dust-up over corporate cyber attacks

The latest BriefingsDirect Analyst Insights Edition, Volume 50, focuses on the fallout from the Google’s threat to pull out of China, due to a series of sophisticated hacks and attacks on Google, as well as a dozen more IT companies. Due to the attacks late last year, Google on Jan. 12 vowed to stop censoring Internet content for China’s web users and possibly to leave the country altogether.

This ongoing tiff between Google and the Internet control authorities in China’s Communist Party-dominated government have uncorked a Pandora’s Box of security, free speech and corporate espionage issues. There are human rights issues and free speech issues, questions on China’s actual role, trade and fairness issues, and the point about Google’s policy of initially enabling Internet censorship and now apparently backtracking.

But there are also larger issues around security and Internet governance in general. Those are the issues we’ll be focusing on today. So, even as the U.S. State Department and others in the U.S. federal government seek answers on China’s purported role or complicity in the attacks, the repercussions on cloud computing and enterprise security are profound and may be long-term.

We’re going to look at some of the answers to what this donnybrook means for how enterprises should best protect their intellectual property from such sophisticated hackers as government, military or, quasi-government corporate entities and whether cloud services providers like Google are better than your average enterprise, or especially medium-sized business, at thwarting such risks.

We'll look at how users of cloud computing should trust or not trust providers of such mission-critical cloud services as email, calendar, word processing, document storage, databases, and applications hosting. And, we’ll look at how enterprise architecture, governance, security best practices, standards, and skills need to adapt still to meet these new requirements from insidious world-class threats.

This periodic discussion and dissection of IT infrastructure related news and events with a panel of industry analysts and guests, comes to you with the help of our charter sponsor Active Endpoints, maker of the ActiveVOS business process management system.

So, join me now in welcoming our panel for today’s discussion: Jim Kobielus, senior analyst at Forrester Research; Jason Bloomberg, managing partner at ZapThink; Jim Hietala, Vice President for Security at The Open Group; Elinor Mills, senior writer at CNET, and Michael Dortch, Director of Research at Focus. The discussion is moderated by BriefingsDirect's Dana Gardner, principal analyst at Interarbor Solutions. [Disclosure: The Open Group is a sponsor of BriefingsDirect podcasts.]

Here are some excerpts:

Mills: We now have a huge first public example of a company coming out and saying, not only that they've been attacked -- companies don’t want to admit that ever and it’s all under the radar -- but also they’re pointing the fingers. Even though they're not specifically saying, "We think it’s the Chinese state," but they think enough of it that they're willing to threaten to pull out of the country.

It’s huge and it’s going to have every company reevaluating what their response is going to be -- not just how they’re going to do business in other countries, but what is their response going to be to a major attack.

Bloomberg: It’s not as big of a wakeup call as it should be. You can ask yourself, "Is this an attack by some small cadre of renegade hackers or is this attack by the government of the People’s Republic of China? That’s an open question at this point.

Who is the victim? Is it Google, a corporation, or the United States? Is it the western world that is the victim here? Is this a harbinger of the way that international wars are going to be fought down the road?

We’ve all been worried about cyber warfare coming, but we maybe don’t recognize it when we see it as a new battlefield. It's the same as terrorism. It’s not necessarily clear who the participants are.

When you place the enterprise into this context, well, it’s not necessarily just that you have a business within the context of a government subject to particular laws of particular government, you have the supernational, where large corporations have to play in multiple jurisdictions. That’s already a governance challenge for these large enterprises.

We already have this awareness that every single system on our network has to look out for itself and, even then, has levels of vulnerability.

Now, we have the introduction of cyber warfare, where we have concerted professional attacks from unknown parties attacking unknown targets and where it’s not clear who the players are. Anybody, whether it’s a private company, a public company, or a government organization is potentially involved.

That basically raises the bar for security throughout the entire organization. We’ve seen this already, where perimeter-based security has fallen by the wayside as being insufficient. We already have this awareness that every single system on our network has to look out for itself and, even then, has levels of vulnerability. This just takes it to the national level.

Kobielus: I don’t see anything radically or fundamentally new going on here. This is just a big, powerful, and growing world power, China, and a big and growing world power on a tech front Google, colliding. ... There has always been corporate espionage and there’s always been vandalism perpetrated by companies against each other through subterfuge, and also by companies or fronts operating as the agent of unseen foreign power. ... This is international real-politic as usual, but in a different technological realm.

Hietala: In terms of the visibility it’s gotten and the kinds of companies that were attacked, it’s a little bit game-changing. From the information security community perspective, these sorts of attacks have been going on for quite a while, aimed at defense contractors, and are now aimed at commercial enterprises and providers of cloud services.

I don’t think that the attacks per se are game-changing. There’s not a lot new here. It’s an attack against a browser that was couple of revs old and had vulnerability. The way in which the company was attacked isn’t necessarily game-changing, but the political ramifications around it and the other things we’ve just been talking about are what make it a little game-changing.

Dortch: This puts Google in the very interesting position of having to decide. Is it a politically neutral corporation or is it a protector of the data that its clients around the world, not just here, and not just from governments but corporations? Is it a protector and an advocate of protection for the data that those clients have been trusted to it? Or, is it going to use the fact that it is a broker of all that data to sort of throw its muscle around and take on governments like China’s in debates like this.

The implications here are bigger than even what we’ve been discussing so far, because they get at the very nature of what a corporation is in this brave new network world of ours.

Gardner: This boils down to almost two giant systems or schools of thought that are now colliding at a new point. They've collided at different points in the past on physical sovereignty, military sovereignty, and economic sovereignty. The competition is between what we might call free enterprise based systems and state sponsorship through centralized control systems.

Free enterprise won, when it came to the cold war, but it's hard to say what's going to happen in the economic environment where China is a little different beast. It's state sponsored and it's also taking advantage of free enterprise, but it's very choosy about what it allows for either one of those systems to do or to dominate.

When you look at the Google, Google made itself into a figurehead of representing what a free enterprise approach could do. It's not state sponsored or nationalistic. It's corporate sponsored. So, it would be interesting to see who has the better technology, who has the better financial resources, and ultimately who has the organizational wherewithal to manifest their goals online that wins out in the marketplace.

If an organized effort is better at doing this than a corporate one, well then they might dominate. But so far, we've seen a very complex system that the marketplace -- with choice, and shedding light and transparency on activities -- ultimately allows for free enterprise predominance. They can do it better, faster, cheaper and that it will ultimately win.

I think, we're really on the cusp here of a new level of competition, but not between countries or even alliances, but really between systems. The free enterprise system versus the state-sponsored or the centralized or the controlled system. It should be very interesting.

Bloomberg: ... If anything, cloud environments reduce the level of security.

They don’t increase it for the very reason that we don’t have a way of making them sovereign in their own right. They’re always not only subject to the laws of the local jurisdiction, but they’re subject to any number of different attacks that could be coming from any different location, where now the customers aren’t aware of this sort of vulnerability.

So, “Trust, but verify,” is a good point, but how can you verify, if you’re relying on a third party to protect your data for you? It becomes much more difficult to do the verification. I'd say that organizations are going to be backing away from cloud, once they realize just how risky cloud environments are.

Mills: Microsoft’s general counsel Brad Smith recently gave a keynote at the Brookings Institute Forum, and he talked about modernizing and updating the laws to adapt specifically to the cloud. That included privacy rights under the Electronic Communications Privacy Act being more clearly defined, updating the Computer Fraud and Abuse Act, and setting up a framework so that differences in the regulations and practices in various countries can be worked out and reconciled.

Hietala: I don’t think there is a silver-bullet cloud provider out there that has superior security to have that position. All enterprises still are going to have to be at the top of their game, in terms of protecting their assets, and that extends to small or medium businesses.

At some point, you could see a cloud provider stake out that part of the market to say, "We’re going to put in a superior set of controls and manage security to a higher degree than a typical small-to-medium business could," but I don’t see that out there today.

Dortch: Many small businesses outsource payroll processing, customer relationship management (CRM), and a whole bunch of things. A lot of that stuff is outsourced to cloud service providers, and companies haven’t asked enough questions yet about exactly how cloud providers are protecting data and exactly how they can reassure that nothing bad is going to happen to it.

For example, if their servers come under attack, can they demonstrate credibly how data is going to be protected. These are the types of questions that incidents like this can and should raise in the minds of decision-makers at small and mid-sized businesses, just as they're starting to raise these issues, and have been raising them for a while, among decision-makers at larger enterprise.

Kobielus: I think what will happen is that some cloud providers will increasingly be seen as safe havens for your data and for your applications, because (A) they have the strong security, and (B) they are hosted within, and governed by, the laws of nation states that rigorously and faithfully try to protect this information, and assure that the information can then be removed -- transferred out of that country fluidly by the owners, without loss.

How about governments in general, maybe it's the United Nations who steps in? Who is the ultimate governor of what happens in cyber space?

In other words, it's like the Cayman Islands of the cloud -- that offshore banking safe haven you can turn to for all this. Clearly, it's not going to be China.

... In terms of who has responsibility and how will governance best practices be spread uniformly across the world in such areas of IT protection, it's going to be some combination of multilateral, bilateral, and unilateral action. For multilateral, the UN points to that, but there are also regional organizations. In Southeast Asia there is ASEAN, and in the Atlantic there is NATO, and so forth.

Bloomberg: Who decides what is enough? We have these opposing forces. One is that information should be free, and the Internet should be available to everybody. That basically pushes for removing barriers to information flow.

Then you have the security concerns that are driving putting up barriers to information flow, and there is always going to be conflict between those two forces. As increasingly sophisticated attacks develop, that pushes the public consensus toward increasing security.

That will impact our ability to have freedom, and that's going to be, continue to be a battle that I don’t see anybody winning. It's’ really just going to be an ongoing battle as technology improves and as the bad guys attacks improve. It's going to be an ongoing battle between security and freedom and between the good guys and the bad guys, as it were, and that's never going to change.

Hietala: Large enterprises are going to have to be responsible for the security of their information. I think there are a lot of takeaways for enterprises from this attack. If you're talking about specific individuals, it’s almost hopeless, because your average individual consumer doesn’t have the level of knowledge to go out and find the right solutions to protect themselves today.

So, I'll focus on the large enterprises. They have to do a good job of asset inventory, know where, within their identity infrastructure, they're vulnerable to this specific attack, and then be pretty agile about implementing countermeasures to prevent it. They have to have patch management that's adequate to the task of getting patches out quickly.

They need to do things like looking at the traffic leaving their network to see if people are already in their infrastructure. These Trojans leave traces of themselves, when they ship information out of an organization. When people really understand what happened in this attack, they can take something away, go back, look at what they are doing from a security standpoint, and tighten things up.

If you're talking about individuals putting things in the cloud, that’s a different discussion that doesn’t seem real feasible to me to get them to the point where they can secure their information today.

Kobielus: I don't think Google is going to leave China. I think they are going to stay in China and somehow try to work it out with the PRC. I don't know where that's going, but fundamentally Google is a business and has a "don't do evil" philosophy. They're going to continue to qualify evil down to those things that don't actually align with their business interest.

In other words, they're going to stay. There's going to be a lot of wariness now to entrust Google's China operation with a whole lot of your IT -- "you" as a corporation -- and your data. There will be that wariness.

Preferred platforms

Other cloud providers will be setting up shop or hosting in other nations that are more respectful of IP, other nations that may not be launching corporate or governmental espionage at US headquartered properties in China. Those nations will become the preferred supernational cloud hosting platforms for the world.

I can't really say who those nations might be, but you know what, Switzerland always sort of stands out. They're still neutral after all these years. You've got to hand that to them. I trust them.

Bloomberg: In the short-term, the noise is going to die down or going to go back to business as usual. The security is going to need to improve, but so are hacks from the bad guys. It's going to continue, until there is the next big attack. And the question is, "What's it going to be and how big is it going to be?"

We're still waiting for that game changer. I don't think this is a game changer. It's just a way to skirmish. But, if a hacker is able to bring down the internet, for example, targeting the DNS infrastructure to the point that the entire thing collapses, that’s something that could wake people up to say, "We really have to get a handle on this and come up with a better approach."

Hietala: From our perspective [at The Open Group], we're starting to see more awareness at higher levels in governments that the threats and issues here are real. They’re here today. They seem to be state sponsored, and they're something that needs to be paid attention to.

Secretary of State Clinton recently gave a speech where she talked specifically about this attack, but also talked about the need for nations to band together to address the problem. I don't know what that looks like at this point, but I think that the fact that people at that level are talking about the problem is good for the industry and good for the outlook for solutions that are important in the future.

Mills: I think Google is going to get out of China and try and lead some kind of U.S. corporate effort or be a role model to try to do business in a more ethical way, without having to compromise and censor.

There will be a divergence that you'll see. China and other countries may be pushed more towards limiting and creating their own sort of channel that's government filtered. I think the battle is just going to get bigger. We're going to have more fights on this front, but I think that Google may lead the way.

More Stories By Dana Gardner

At Interarbor Solutions, we create the analysis and in-depth podcasts on enterprise software and cloud trends that help fuel the social media revolution. As a veteran IT analyst, Dana Gardner moderates discussions and interviews get to the meat of the hottest technology topics. We define and forecast the business productivity effects of enterprise infrastructure, SOA and cloud advances. Our social media vehicles become conversational platforms, powerfully distributed via the BriefingsDirect Network of online media partners like ZDNet and IT-Director.com. As founder and principal analyst at Interarbor Solutions, Dana Gardner created BriefingsDirect to give online readers and listeners in-depth and direct access to the brightest thought leaders on IT. Our twice-monthly BriefingsDirect Analyst Insights Edition podcasts examine the latest IT news with a panel of analysts and guests. Our sponsored discussions provide a unique, deep-dive focus on specific industry problems and the latest solutions. This podcast equivalent of an analyst briefing session -- made available as a podcast/transcript/blog to any interested viewer and search engine seeker -- breaks the mold on closed knowledge. These informational podcasts jump-start conversational evangelism, drive traffic to lead generation campaigns, and produce strong SEO returns. Interarbor Solutions provides fresh and creative thinking on IT, SOA, cloud and social media strategies based on the power of thoughtful content, made freely and easily available to proactive seekers of insights and information. As a result, marketers and branding professionals can communicate inexpensively with self-qualifiying readers/listeners in discreet market segments. BriefingsDirect podcasts hosted by Dana Gardner: Full turnkey planning, moderatiing, producing, hosting, and distribution via blogs and IT media partners of essential IT knowledge and understanding.

@ThingsExpo Stories
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
Ask someone to architect an Internet of Things (IoT) solution and you are guaranteed to see a reference to the cloud. This would lead you to believe that IoT requires the cloud to exist. However, there are many IoT use cases where the cloud is not feasible or desirable. In his session at @ThingsExpo, Dave McCarthy, Director of Products at Bsquare Corporation, will discuss the strategies that exist to extend intelligence directly to IoT devices and sensors, freeing them from the constraints of ...
Intelligent machines are here. Robots, self-driving cars, drones, bots and many IoT devices are becoming smarter with Machine Learning. In her session at @ThingsExpo, Sudha Jamthe, CEO of IoTDisruptions.com, will discuss the next wave of business disruption at the junction of IoT and AI, impacting many industries and set to change our lives, work and world as we know it.
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
@ThingsExpo has been named the Top 5 Most Influential M2M Brand by Onalytica in the ‘Machine to Machine: Top 100 Influencers and Brands.' Onalytica analyzed the online debate on M2M by looking at over 85,000 tweets to provide the most influential individuals and brands that drive the discussion. According to Onalytica the "analysis showed a very engaged community with a lot of interactive tweets. The M2M discussion seems to be more fragmented and driven by some of the major brands present in the...
Amazon has gradually rolled out parts of its IoT offerings, but these are just the tip of the iceberg. In addition to optimizing their backend AWS offerings, Amazon is laying the ground work to be a major force in IoT - especially in the connected home and office. In his session at @ThingsExpo, Chris Kocher, founder and managing director of Grey Heron, explained how Amazon is extending its reach to become a major force in IoT by building on its dominant cloud IoT platform, its Dash Button strat...
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
SYS-CON Events announced today that Streamlyzer will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Streamlyzer is a powerful analytics for video streaming service that enables video streaming providers to monitor and analyze QoE (Quality-of-Experience) from end-user devices in real time.
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
Cloud based infrastructure deployment is becoming more and more appealing to customers, from Fortune 500 companies to SMEs due to its pay-as-you-go model. Enterprise storage vendors are able to reach out to these customers by integrating in cloud based deployments; this needs adaptability and interoperability of the products confirming to cloud standards such as OpenStack, CloudStack, or Azure. As compared to off the shelf commodity storage, enterprise storages by its reliability, high-availabil...
The IoT industry is now at a crossroads, between the fast-paced innovation of technologies and the pending mass adoption by global enterprises. The complexity of combining rapidly evolving technologies and the need to establish practices for market acceleration pose a strong challenge to global enterprises as well as IoT vendors. In his session at @ThingsExpo, Clark Smith, senior product manager for Numerex, will discuss how Numerex, as an experienced, established IoT provider, has embraced a ...
The Internet of Things (IoT), in all its myriad manifestations, has great potential. Much of that potential comes from the evolving data management and analytic (DMA) technologies and processes that allow us to gain insight from all of the IoT data that can be generated and gathered. This potential may never be met as those data sets are tied to specific industry verticals and single markets, with no clear way to use IoT data and sensor analytics to fulfill the hype being given the IoT today.
Donna Yasay, President of HomeGrid Forum, today discussed with a panel of technology peers how certification programs are at the forefront of interoperability, and the answer for vendors looking to keep up with today's growing industry for smart home innovation. "To ensure multi-vendor interoperability, accredited industry certification programs should be used for every product to provide credibility and quality assurance for retail and carrier based customers looking to add ever increasing num...
In the next forty months – just over three years – businesses will undergo extraordinary changes. The exponential growth of digitization and machine learning will see a step function change in how businesses create value, satisfy customers, and outperform their competition. In the next forty months companies will take the actions that will see them get to the next level of the game called Capitalism. Or they won’t – game over. The winners of today and tomorrow think differently, follow different...
“Media Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. CloudBerry Backup is a leading cross-platform cloud backup and disaster recovery solution integrated with major public cloud services, such as Amazon Web Services, Microsoft Azure and Google Cloud Platform.
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, will discuss how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team a...
The security needs of IoT environments require a strong, proven approach to maintain security, trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vic...
What are the successful IoT innovations from emerging markets? What are the unique challenges and opportunities from these markets? How did the constraints in connectivity among others lead to groundbreaking insights? In her session at @ThingsExpo, Carmen Feliciano, a Principal at AMDG, will answer all these questions and share how you can apply IoT best practices and frameworks from the emerging markets to your own business.
Big Data has been changing the world. IoT fuels the further transformation recently. How are Big Data and IoT related? In his session at @BigDataExpo, Tony Shan, a renowned visionary and thought leader, will explore the interplay of Big Data and IoT. He will anatomize Big Data and IoT separately in terms of what, which, why, where, when, who, how and how much. He will then analyze the relationship between IoT and Big Data, specifically the drilldown of how the 4Vs of Big Data (Volume, Variety,...
SYS-CON Events announced today that SoftNet Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. SoftNet Solutions specializes in Enterprise Solutions for Hadoop and Big Data. It offers customers the most open, robust, and value-conscious portfolio of solutions, services, and tools for the shortest route to success with Big Data. The unique differentiator is the ability to architect and ...