Total Information Outsourcing (TIO) poses 3 threats in terms of security:
- Data Archival: how can I be sure that my data is safely backed up?
- Intelligence: how can I be sure that nobody is using my data without my permission?
- Quality: how can I be sure that the application security policies are well implemented?
The data archival threat is well known to users of the ASP services provided at the end of the 90s by companies which later went bankrupt after the crash of the Internet bubble, causing the loss of corporate data of many companies [ref]. SaaS services, which are often no different in principle from the ASPs created 10 years ago, share the same risks and threats but are now more widely adopted by a new generation of Internet users who have been raised with an increasing trust in the services provided by Yahoo, MSN, Google, etc. The large data centers which power SaaS are used as a marketing argument to prove their security with respect to data archival. However, no network of data centers is safe from a September 11th type attack. The world economy is really put in danger by the centralisation of data. The only acceptable way to reduce the threats posed by data centralisation is to implement true data distribution, with no central authority and at the same time true guarantees of actual distribution. One efficient approach consists in allowing users of SaaS applications to completely back up their online application data to a different location of their choice. One issue that remains, though, is the scope of this data: exchange data, native data, logs. Obviously, native data and logs provide the highest security from an auditing point of view, as long as the application required to read them is available at reasonable cost.
The second threat posed by TIO is intelligence. 30 years ago, the introduction in Minitel, a French ancestor of online services, of a technology similar to cookies in today's browsers created mass protests because it was considered a privacy intrusion. 30 years later, presidents of countries provide a copy of their strategic emails to RIM corporation in Canada each time they use a BlackBerry phone, CEOs of companies share their contact list when they open an account on Facebook, and parents track the location of their children through their mobile phone. Cryptography is used by hardly anybody to protect their privacy. However, if a company was told that the tax administration could access its accounting data at any time, or that its whole sales portfolio was aggregated to produce statistics sold to its competitors, CEOs would probably think twice before moving to TIO. Solid solutions are required for this issue, as well as a kind of transparency and auditability of the potential intrusions in the system. An efficient solution consists of crafting an SLA which provides certain rights to the customer in terms of privacy, auditability, access control to data or compartmenting of infrastructure. The existence of possible competition is of course an extra bargaining chip to negotiate acceptable SLAs.
The third threat posed by TIO is quality. Many online applications are based on source code developed in house whose quality remains unknown to end users. Bugs in online applications can lead to data loss, intrusion, information leaks, etc. The fact that online applications, like any other software, have bugs is not an issue as such. All software in the world actually includes on average between 5 and 30 bugs per 1,000 lines of code [REF]. It would however be an issue if such bugs were neither known nor advertised and if end users had no practical way to assess the quality of online applications, to monitor upgrades and their consequences, or to benefit from reasonable transparency in the way the online application is being operated by the provider. Open sourcing online applications in the context of an appropriate SLA is again an efficient solution to reduce this risk.
References
TBD