Interesting article. Went out to the site. They make it almost impossible to download the "Community" version. It's hidden very well and the "Enterprise" ($$$) version is related to every link.

BUT, the community edition of owncloud is in the repository.

Good article and I was interested right up to the penultimate paragraph:
"...The ownCloud server is written in PHP and JavaScript..."

JavaScript is simply too in-secure...

I will *NEVER* rely on 'the cloud.' Oh, sure, I use off-site storage like Dropbox and my own domains, but I mean that I'll never use the cloud as my main/only storage solution. I've been at this way too long to put THAT MUCH confidence in any one solution. For one thing, what happens if you're relying on the cloud for your business data--and then your Internet connection goes out? Oops! Just imagine an office full of people sitting around twiddling their thumbs...

Or, your cloud contains a list of your clients and what you do for them. Someone on the cloud's physical site breaks in and steal your list and sells it to your competitor, or competes with you.

So... there are some flaws in that TechRepublic article.

The alternative is: you build your own data centers and connect them to each other using MPLS links from $TELCO. Materially, this is no different than using $CLOUD for your compute and storage. Government agencies (and other adversaries) can still tap the links. MPLS offers "privacy" in nearly the same way that my house, with nearly completely glass walls on the south and west sides, offers "privacy" from me walking around completely naked and out of / in full view of my neighbors in the house across the driveway.

This is a meaningless statement because it lacks definition of scope. If scope = locality, then yeah, putting storage and compute in the cloud means you lose scope. You also lose scope the moment you let your data cross some random telco's MPLS links. Yet few have seen reason to complain about this. Now, consider: it can also be true that scope = ownership. Placing your data into AWS or Azure doesn't mean that you concede ownership. In fact, both these cloud providers make it very plain that you retain ownership of your data. Alas, I cannot say the same for Google.

Lock-in: J. Random Enterprise doesn't care. Efficiency >> altruism. If this weren't true, you wouldn't see Microsoft Office document formats being the default for 99% of businesses. Security: I'll have more to say about this in a moment. Price: moving to a public cloud allows an IT department to shift money from capital expenditure (cap-ex) budgets to operational expenditure (op-ex). This is a financial orgasmatron. No more depreciation, no more stranded assets, easier tax accounting...the benefits go on and on.

Red herring. Control can be asserted not just by location. It can be asserted in myriad ways. ACLs, encryption/signatures, and service level agreeements also permit strong and fine-grained control. And guess what? Everyone with a telco link has used this model for networking since, well, forever! No one lays their own fiber anymore. This notion can be extended to compute and storage, too.

Another red herring. Dedicated links are not automatically faster! When you buy connectivity, you buy a set amount of bandwidth. A 1 Gbps MPLS link has exactly the same performance characteristics -- speed, latency, jitter -- as a 1 Gbps Internet link. Yeah, sure, the Internet is "best effort" -- but you know what? Packet loss on the Internet is just not a thing these days. Proof: http://www.internettrafficreport.com/.

What? I'm sorry, but what is this dude smoking, and why won't he share? (1) Most enterprise workloads don't involve the movement of "terabytes and petabytes" to and from the cloud. (2) My employer (Riverbed Technology) has built a very successful business around accelerating the movement of "terabytes and petabytes" between branch offices and data centers. Yet, curiously, we don't see a whole lot of people coming to us asking for similar help moving such volumes of data to the cloud. We have products that can make this problem disappear, but they aren't huge revenue generators for us. I contend, therefore, that the very premise of this claim in the article is demonstrably false.

My battery is about to die and I still have a few hours before my plane lands in Seattle. So here's what I have to say about cloud security.

Examine the compliance certifications obtained by Amazon and Microsoft (just two of many examples). Consider the incredible efforts these providers must undergo to qualify for and regularly renew so many. It's an astonishing amount of work, and every single customer -- regardless of size -- derives benefit from it.

Compare that to J. Random On-Premise Datacenter. Which do you think has better security processes, is better able to withstand relentless denial-of-service attacks, and can afford to maintain a global incident response capability? If anything, the large public clouds are more secure than on-premise IT. They also reduce the security and compliance burden for customers. If you're managing something on-premise, the assets you need to secure and your scope of compliance is the full stack: from the concrete to the data. In the cloud, the provider handles the lower levels, from the concrete to the hypervisor -- the undifferentiated heavy lifting of security. What's in scope for the customer is less, and they need to spend time only on those security controls that actually represent the customer's policies.

If security were truly a barrier to cloud adoption, then cloud computing would have evaporated years ago. Obviously, that hasn't happened; in fact, cloud is just going to keep growing and growing and growing.

Err...what?

Are you mixing JavaScript with Java applets?

There are some cross-site scripting attack vectors due to poor web site engineering practices (like loading javascript from external sources), but that doesn't make javascript inherently insecure.

And malicious web sites can run malicious javascript purposefully, but that doesn't make javascript insecure either (C/C++ aren't insecure just because you can write malware with them).

Most businesses that decide to incorporate cloud computing into their IT delivery models use multiple redunant Internet connections, usually via separate provider. Where I work, we have about 85 facilities, including data centers, main offices, and branch offices. We don't use any private WAN links at all. Every site as multiple Internet connections. Outages aren't a part of our landscape.

A visual representation of cloud computing

Another story about the insecure "cloud"

http://www.independent.co.uk/news/pe...d-9705491.html

They could just as easily have been "hacked" from a shared hosting service, a dedicated hosting service, or a server in her own home. Regardless of where you store data, you need to protect it with access controls, encryption, and digital signatures -- relative, of course, to the the threat level and to the resulting exposure cost if something bad happens.

Personally, I encrypt all my naked selfies. And my encryption key is longer than yours.

Funny you should mention that. It's not just clouds.

When I began working for the Dept of Rev they had 30 NetWare servers and 450 Win95 & Win98 client workstations. You could just count on one or more of the NetWare servers going down over a week end and taking half of Monday morning for the IT staff to bring it back up and keep it up. If your tools or other files were on the server that went down you had a few hours of free time, usually spent surfing. That's what happens when the local "cloud" goes down. The guy who was in charge of the servers knew less about networking than I did, and I gave up networking to focus on programming 15 years before.

All that changed when the suits at Rev got serious, due mainly to hemorrhaging of money, let the pseudo admin go and gave a six month contract to a professionally trained and certified NetWare admin (his first name was Rod, and he was Chinese. A super guy- smart, humble, worth every penny he was paid, and rumor has it that his pay was nearly 3X the dummy admin's pay).

Uncharacteristically, Rod was given a huge budget and a free hand by the suits. He ripped out the cable, passive hubs and other junk and re-wired, putting in cat-5 cable, high speed switches and reconstructed the network topography. Within a month the average speed of the LAN nearly tripled and the server failure rate went to near zero, usually being caused only by server hardware failure, not network config problems, shoddy cabling or overloaded/failed hubs. It became a rare thing for a network server to go down. He also trained three of the smartest guys in IT to be professional network admins. It was sad to see him go. After he left the guys he trained kept the network running to Rod's standards. We code pounders couldn't count on Monday half-days any more .

I'm continuously astonished that famous people feel the need to take naked selfies with a small and easy to steal device, and then sync them with a cloud service that they neither control nor understand.

Hopefully this will be a wake-up call to everyone, and as Steve points out - this could have been any cloud service, not just Apple's. However, if a hacker knows that the targeted celeb has an iphone (and apparently most do) then they don't have to work out which cloud service to hack.

I bet people are also going to find that photos that thought they had deleted are strangely not deleted from icloud and are still available for hacking....

Maybe we as a society need to get over our curious obsession with / repulsion by sex. Humans are sexual beings. It feels good, it's a basic biological function, and consenting adults (in any number and gender) should be able to do whatever they want together without interference or oppression by any state or religion. Once we got our societal attitude adjusted, no one would care about naked celebrity selfies, because nakedness wouldn't be shameful.

Sorry, but I don't agree with this bit. It's not about shame, it's about a voyeuristic desire to see celebs naked, and there always going to be plenty of people interested in seeing them regardless of our attitudes to sex just because they are famous.

Everyone has the right to take naked selfies if they want, but if you want to keep them private then encrypt your phone and don't sync them to someone else's server.

However, I can imagine that some didn't realise that they were syncing them to someone else's server.