Amrit Williams, BigFix CTO, discusses the possibilities for cloud computing in the next few years with Chris Hoff, Director of Cloud & Virtualization Solutions of the Security Technology Business Unit at Cisco Systems.

Subscribe in iTunes:

Subscribe with XML:

FULL TRANSCRIPT

Amrit Williams: Welcome! This is Amrit Williams, your host on Beyond the Perimeter, and today I am joined by Chris Hoff, who leads the Virtualization & Cloud Computing Strategy with Cisco, and has quite a prolific career, that I will not be able to repeat here today. So I will simply say, welcome Chris!

Chris Hoff: Thanks man!

Amrit Williams: So one of the things that I thought was really interesting in something you said was around this concept of how potentially this changes in the future. So just to sort of end on that, what do you think is going to happen in the next five years; I mean, where does this go?

Chris Hoff: So I think the most interesting thing about computing/cloud computing is that the stuff that runs the back-end in the next five years gets kind of boring and commoditized. So the things providing service start looking very, very similar.

I think the next battleground or the resurgence of a battleground that is far more interesting is that of the mobile platforms that we use to consume and access this data. Why this is interesting and important to me, I gave a keynote talk at the Cloud Security Alliance Summit that focused on this, I called it the Cloud Magic 8 Ball, like what’s next in cloud computing.

Basically, there are seven billion people on the planet and four billion mobile handsets, not including sensors either. So the interesting point here is that, when you look at how smart and competent and capable a good number of these platforms are, regardless of the fact that the app that we started using on these phones was just a dumb web browser, a single app, now we have what ends up being — I have like a 100 apps on my iPhone. So each one of these apps, which uses for the most part HTTP to communicate anyway, but each one of these apps has its own little attack surface, has got its own little portal to various pools of information.

So what’s interesting with cloud is that, as these large cloud providers reconsolidate applications and data in these mega data centers, fewer and fewer of them, but with higher and higher densities of compute network and storage, these same applications and data are being replicated and deployed, in part or in whole, on the same mobile handset platforms that we use to make phone calls and then communicate and replicate data to.

So it’s funny, in as much as people today in the enterprise IT world, talk about the fact that they don’t want their data being in other people’s hands, but quite literally, that data is in other people’s hands.

So the evolution of the mobile platform and our lack of focus on the fact that we have always treated mobile platforms as mobile phones, like, oh, yeah, there is some Bluetooth snarfing and there’s the odd threat of mobile viruses and Trojans, but they have been more pain in the ass and have been widespread. These mobile phones, besides the fact that most of them these days, you can’t even make a freaking telephone call off of, thanks to the provider, and if you hold it with your left hand, you certainly can’t, but the point being there is, they are no longer phones. They are like the entire mini pocket clouds.

So I think the next big thing and it’s starting in the next couple of years, if not already, is, how are we, from a security perspective specifically, going to deal with, A, this complete bifurcated approach of securing the platforms where we were getting the ability to consolidate our data, again, in kind of micro DMCs, in the cloud, but now, I have got to secure that and I have got to figure out what happens to that data and the applications that are consuming it on the other end too, and we suck at both?

So really, really fascinating and interesting things that I think we are going to swing back over. We have discussed this before, about, we still don’t have ubiquitous high speed connectivity and bandwidth. I can’t make phone calls, although I can make a data connection. So I can’t do everything kind of dumb or thin terminal like on my phones. That’s why Apple started out with everything being links and then realized, boy, this sucks. So then they allowed applications to be placed back on the phone.

If you remember when they first came out, it was just a link to a website. Now it’s back to full-fledged apps again. So we are going to see really, really interesting stuff evolving out of that, and that’s kind of what interests me in the next five years.

Amrit Williams: And it will be exciting as the technology improves and we move to a model of free range data, so there are going to have to be data wranglers.

Chris Hoff: Data wranglers, yeah.  So actually, not to plug — well, actually, that would be a lie. To plug my Black Hat talk, the interesting thing here is, everything we have just discussed; my talk at Black Hat is called CLOUDINOMICON. The byline is, Idempotent Infrastructure, Building Survivable Systems, and Bringing Sexy Back to Information Centricity. So that’s exactly what we are talking about. It’s the fact that we have infrastructure that looks identical, which in by itself is an issue, with monocultures and built for scale.

(00:04:57)

We kind of know what building survivable systems mean, but we don’t do a very good job of it. And then the stuff we ought to be focusing on, which is the information, is the stuff that we have the hardest time getting our arms around, and yet, it’s the stuff that as we start to move it around everywhere, is what we need to protect.

So kind of it’s your main conversation given what I hoped to kind of revisit during my talk, but your observation was exactly correct; data wranglers. It’s going to be my new career title at some time I think.

Amrit Williams: And I think that you should give the Black Hat talk running chaps too, to really get the wrangler message across.

Chris Hoff: I could do that.

Amrit Williams: This has been a great conversation, and I think a lot of people are going to get a lot out of it. For those looking to hear more from the Hoff, you will be speaking at Black Hat CLOUDINOMICON. Do you have other conferences coming up that you will be speaking at?

Chris Hoff: I have got DEFCON, which is the FAIL panel too, and we also have the Cloud Security Alliance Summit during Black Hat, on the 28^th. Then I have got a bunch of stuff that I will probably annoy people with coming up. There is some stuff going on at the NASA IT Summit. I am giving a keynote at SANS in D.C. I have got RSA Europe coming up with Mogul, which is going to be a blast. I think we will be the first people this year to be completely deported. Perhaps RSA Japan. All sorts of good stuff coming up. Lots of fun!

Amrit Williams: So if people want to get in touch with the Hoff, they want to find out about what you are doing, where you are speaking at, get a little insight into some of the research you are doing, they can follow you at Twitter, @Beaker. They can go to your blog, which is Rational Survivability. What’s the address; is it just rationalsurvivability. –

Chris Hoff: .com.

Amrit Williams: .com, right on. Then they could find out more about the Cloud Security Alliance, that’s CSA.org?

Chris Hoff: Actually, cloudsecurityalliance.org. But if you really want to find out about me, you should come to the HacKid Conference in October in Boston that we are putting on, which is an amazing conference for kids and their parents; teach them how to hack, how to code, how to build robotics, trebuchets, hair hacking, food hacking, all that stuff.

Amrit Williams: Oh my God! What? I want to go. I want to be a kid again. You are going to build a trebuchet and teach people to do robotics, are you joking?

Chris Hoff: No, no, no. We have everything from Chris Boyd coming over from the UK, talking about safety online. We have teaching dads how to hack their kid’s hair. We have food hacking. We have electronic assembly, robotics, trebuchets. We have got meeting law enforcement. I mean, it’s awesome! It’s a two-day conference that came about because I took three of my girls to SOURCE Boston, because my wife left town, and so they had to tramp around a security conference.

They were interested in some things, but didn’t get others. So I thought, you know what, if I gear a conference that has security stuff and hacking stuff and hands-on, for kids and their parents, so you can’t leave them; you have to actually do it with them, it should be pretty cool.

So if you want to learn about that, go to hackid.org, and the schedule is posted. Registration will open pretty soon, and it ought to be a grand old time.

Amrit Williams: Man, that sounds fantastic! I want to — we are here in the Bay Area, I am going to talk to you about this after we get off the podcast.

Chris, I really appreciate you joining me. That was fantastic! Thanks man!

Chris Hoff: Okay dude, bye.

Announcer: You have just listened to Beyond the Perimeter, sponsored by BigFix Inc. Views expressed on this podcast are the personal opinions of podcast participants and do not reflect official positions of their employers or BigFix.