David Chappell



The World's Most Dangerous Technology  
# Tuesday, July 30, 2013
What is the world's most dangerous technology? Is it, say, nuclear weapons? Or maybe bio-engineered food?

No. The world's most dangerous technology is Windows Update.

Think about it. Every Patch Tuesday, Microsoft puts whatever code it wants directly into your operating system. While many organizations test updates to make sure they don't break anything, how many check to make sure that an update doesn't steal sensitive data off your disk? Pretty much nobody.

Suppose the government of North Korea announced tomorrow that they'd acquired all of the assets of the Microsoft Corporation. What would we do? The answer is clear: We'd all turn off Windows Update immediately. We would never trust Kim Jong-un with this power. Yet we do trust Microsoft, mostly without even thinking about it.

Remember this the next time an enterprise IT leader tells you that he or she will never trust public cloud platforms. The level of trust that enterprises already have in Microsoft far exceeds what Windows Azure or another cloud platform asks of them.

Why do we trust Windows Update? Two reasons: It provides real benefits, and it's proven to be trustworthy over time. As long as these same two things are true of public cloud platforms--and they are so far--we'll also learn to trust them.

We're not there yet, but the day when trusting a public cloud platform is as unremarkable as trusting Windows Update is coming.

4 comments



Google glass scares me, too many attack vectors

This is awesome!

"We're not there yet, but the day when trusting a public cloud platform is as unremarkable as trusting Windows Update is coming."

You've laid out a great brief argument for the eventual irrelevance of data security/confidentiality as a barrier to public cloud adoption.

But this argument alone doesn't convince me that trusting a cloud platform will be as unremarkable as trusting Windows Update.

1. Microsoft updates can be deployed pre-production by individual organizations to evaluate service availability risk. (You concede this at the beginning of the post.) A lot of thought and design has to go into this aspect of the public cloud and mitigating risk. It's a young, young platform.
2. Data ownership issues (aside from security/confidentiality) must be confidently resolved. When a given service shuts down, what happens to the subscriber data? Who controls what happens to ALL copies of the data, including the cold storage that was previously maintained for regulatory compliance and litigation risk? This is also a huge area that must mature as the platform matures.

Additional rambling and links to information about 9 Amazon EC2 service outages from 2010 through 2012.

On point 1, remember that IaaS clouds just run ordinary Windows Server, which gets patched in the usual way. This isn't young--we have lots of experience doing this.

On point 2, data ownership is a contractual issue. From what I've seen, the big providers (and their customers) have this down: Data belongs to the customer, full stop, and the provider must scrub away all traces of removed data. We have to trust them to actually do this, of course, and perhaps we'll one day see regulation here. But for now, I don't see this issue come up much--the contracts are clear.
