Its too bad that Dick Cheney’s awkward little epistemological speech has been so thoroughly politicized, turning an important risk management principle into an opportunity for derision. Intelligence analysts, and IT analysts, need to be acutely aware of the limits of their knowledge, especially when making decisions about the how to take advantage of public cloud services.
Anybody making risk decisions about public clouds needs a strong understanding of the degree to which they can trust the information they have about those services. To apply this particular Theory of Knowledge principle to Public Cloud Services:
1) Known Knowns: If data is encrypted before it is uploaded, we know that it is encrypted. If the data is not encrypted, we know that it can be read by anyone who accesses it, which leads to the second category.
2) Known Unknows: If our clear text data is in someone else’s site, we know that it is vulnerable. What we cannot ever know for certain is whether an unauthorized person takes advantage of that vulnerability. Its a level of ambiguity, but an understood one.
3) Unknown Unknowns: If there were some sort of vulnerability that we had never conceived of, it would be in this final categority. The fact that you haven’t even thought it might exist, means that you don’t know what to look for to ensure that it is controlled. An example might be a cloud service provider that exposes your email boxes to external surveillance in order to conduct load balancing and facilitate service continuity.
In retrospect, if a cloud service provider claims to be spreading your data across multiple locations (which virtually all of them do), before storing your data in that service, it would make sense to ask them what mechanism they use to transmit your data between those locations, and how they protect it in transit. I see a lot of cloud service provider questionnaires, but I don’t ever remember this particular issue coming up.
An example has recently come to light of an ongoing confidentiality failure involving a CSP copying customer data between their data centers. For many cloud buyers the news of this unexpected form of exposure has moved this particular risk from category 3, into category 2. Now we all know that we don’t know how our data is protected when it is being replicated between CSP data centers.
We can only hope that not every virtual backend is flapping open in a packet storm.