May 152008
 

Lots of good reporting lately on the $13.9B purchase of EDS by HP. Many are saying its the clearest sign yet that cloud computing has fully arrived. Others say the purchase is more about buying market share and becoming the world’s #2 IT outsourcing company, behind IBM. Rob Hof of BusinessWeek has a really good roundup post with some different perspectives:

http://www.businessweek.com/the_thread/techbeat/archives/2008/05/is_hp-eds_deal.html

One question interesting to me is whether a giant company like HP/EDS can make the concept of cloud computing more palatable to the federal market. EDS is the 19th largest contractor to the federal government, with $2.4B worth of business in 2006. The combined company would seem well positioned for even more government work. Here’s Government Executive on the deal:

http://govexec.com/dailyfed/0508/051308bb1.htm?rss=getoday

Security isn’t mentioned in any of the above articles. That’s a good reason the government is cautious about outsourcing infrastructure over the cloud. At the foundation of Internet transport is the DNS system, a simple protocol that translates IP addresses into the shorter domain names familiar to us all like amazon.com and yahoo.com. It was not designed originally with security in mind, and needs to be “hardened” as more and more critical applications ride along above it.

Here’s an article yesterday from Government Computer News that makes this point very strongly. What is being described here is mandating that the government implement DNSSEC — Domain Name System Security Extensions — although the article doesn’t use the term. DNSSEC allows the the digital signing of DSN responses for authenticity, in other words ensuring the reply (IP address) is coming from the right server. This prevents spoofed return addresses and helps defend against DNS cache poisoning and Distributed Denial of Service (DDOS) attacks.

http://www.gcn.com/online/vol1_no1/46262-1.html

 Leave a Reply

(required)

(required)