Apple explores merging cloud content with locally stored media library

Apple could blur the lines between locally saved media files and additional content streamed from the cloud, listing all files as if they are part of the same media library on a device like an iPhone or a Mac.

The U.S. Patent and Trademark Office this week revealed a new patent application from Apple entitled "Audio Clips for Announcing Remotely Accessed Media Items." Discovered by AppleInsider, it details a system that would include a centralized list of media files -- some saved locally, and others available remotely.

The application suggests that Apple's long-rumored cloud-based iTunes music streaming service could allow users to seamlessly merge their locally saved media files with additional content available for streaming via the Internet. Rather than having a separate list of cloud-based content, all of the media would be listed in one location, and the Internet-connected device would play back the selected content from the appropriate location.

The application focuses largely on the audio "announcing" of selected content, as with the VoiceOver feature for the iPod shuffle. It suggests that such announcements would be accessed from prerecorded files that would be stored locally on the device, while unavailable announcements would be streamed remotely.

"The device can include an audio clip of an artist name, song title, and album name, for example generated using a text to speech engine, or pre-recorded by an actor," the application reads. "The electronic device, however, may only locally store audio clips for media items that the device knows will be played back, for example locally stored media items."

However, a more practical use for Apple's described invention would, of course, be for the streaming actual media itself, rather than VoiceOver clips, which are typically instantly generated. To this end, the patent filing details the ability of a user to "play back media items that are not locally stored" by streaming them from a "remote server."

The application describes media being identified by locally stored metadata, detailing the artist, song title or album title of a particular track, or other information for different types of media. By reviewing this metadata, a connected device like an iPhone could then begin streaming the appropriate content from the cloud, if the file is not locally stored on the device. Apple's filing notes that streamed media could be made available through the iTunes Music Store, or via an alternate source.

Apple has reportedly been interested in offering a cloud-based iTunes service for some time, but has had difficulties in securing the appropriate licensing deals with content providers. To bolster its cloud music efforts, Apple acquired streaming music service Lala in late 2009, but nothing has come of that investment yet.

Lala allowed users to upload their music collection to remote servers and stream it back on any computer via a Web browser. Some have speculated that type of service would be an appropriate use for Apple's $1 billion server farm in North Carolina.

 

New encryption tools address cloud security concerns

Startup CipherCloud is among the vendors offering products that let enterprises retain control over key management functions

A handful of vendors have begun rolling out new technologies designed to let companies take advantage of cloud computing environments without exposing sensitive data.

One of these vendors, CipherCloud, a Cupertino, Calif.-based startup, on Thursday launched a virtual appliance technology that companies can use from within their premises to encrypt or to mask sensitive data before it hits the cloud platform.

Unlike the case with encryption services offered by cloud providers, CipherCloud's technology lets enterprises have complete control over the encryption and decryption process, said Pravin Kothari, CEO and founder of the company. The only set of encryption keys resides with the enterprise and not the cloud provider, ensuring that only authorized users can view the data, Kothari said.

CipherCloud's algorithm works in a way that encrypts data without fundamentally altering the data format or function, said Kothari, whose previous startup was ArcSight, a company acquired by Hewlett-Packard last year for $1.5 billion.

CipherCloud's technology also supports a tokenization feature that replaces sensitive data entered into a cloud application with anonymous dummy values. The tokenization feature, like the encryption technology, lets companies mask sensitive data while ensuring that they still retain the ability to sort, search, validate and generate reports with it, according to Kothari.

CipherCloud's technology is designed to work with any cloud provider, although the launch version works only with Salesforce.com's cloud platform.

CipherCloud is not the only company offering such products. Another vendor offering a similar cloud encryption technology is Vormetric, which on Wednesday rolled out an encryption product for use within Amazon's Web Services platform. The Vormetric product also lets enterprises encrypt sensitive data that is stored in the cloud, while allowing them to retain full control over encryption key and policy management functions.

Voltage Security and Navajo Systems offer technologies that are similar in approach and function to CipherCloud's product. Like CipherCloud, Navajo has an offering for Salesforce.com's cloud computing platform.

Such technologies give companies an immediate way to protect data in their existing cloud applications, said Richard Stiennon, a security analyst at IT-Harvest. They also can help mitigate the data residency issues that can sometimes crop up when companies move data to the cloud, he said. Companies in certain industries for instance, can face restrictions when it comes to storing their data outside certain geographic borders. The data masking and cloud encryption tools that are becoming available today can offer a way around such issues, he said.

One example of an organization that plans on using such technology to get around data residency restrictions is the New Democratic Party (NDP) of Canada, which is a beta tester of the CipherCloud product. The NDP wanted to move its applications to Salesforce.com but was concerned about having its database of 24 million voters stored on Salesforce.com servers in the U.S.

"We really liked the Salesforce.com product, but we were highly reluctant to have our data stored in the U.S and being prone to the Patriot Act," said James Williamson, IT coordinator at the NDP. "Also, being a political party, our members our highly sensitive to storing their [personal data] in the U.S," he added.

Initially, the NDP considered the encryption services offered by Salesforce.com but decided not to pursue that avenue because the encryption keys would also be held by the provider. "If the Patriot Act was invoked, they would hand over the key, so there really was no protection," Williamson said.

At the recommendation of Saleforce.com, the NDP tried one other vendor that offered a similar encryption approach before trying out CipherCloud. So far, the experience has been positive, Williamson said. CipherCloud's technology has allowed NDP to encrypt and decrypt data on the fly, with no noticeable impact on performance, he said. The fact that key management functions are under the control of the NDP has lessened the risk of NDP's voter data being accessed in an unauthorized fashion, he said.

Oracle puts file management package in the cloud

Oracle Cloud File System, which combines a cluster file system and storage management software, could be used for building internal clouds or testing cloud apps

The programs included in the package are the ASM (Automatic Storage Management) Dynamic Volume Manager and the ASM Cluster File System. "Cloud FS is a new name for these technologies that are built on ASM," Thome said.

The ASM Cluster File System is a peer-to-peer-based file system that allows users to save material across a range of servers and to access that material from any one of those servers. In addition to being accessed directly through any node on the cluster, data can also be accessed by network file system protocols such as the NFS (Network File System) or Microsoft's CIFS (Common Internet File System).

The file system offers a number of advanced features possibly helpful for the administrator. An advanced permissions system allows administrators to specify when a file can be accessed and with what applications it can be accessed.

Files can also be tagged with attributes, such as the name of the application they are associated with. A user can, for instance, tag all the files that belong to one application and then perform some action against all those files, such as backing them up. "It's almost like a virtual directory, allowing you to perform some type of operation on a set of files that span multiple directories," Thome said.

While the Cluster File System can work as a standalone file system, it can also be overlaid with another file system, such as EXT3, NTFS (Network File System) or ZFS (Zetabyte File System), in order to get the benefits of those file systems as well. Users lose the ability to cluster data across servers with this approach, but still can enjoy other features offered by the Cluster File System.

The ASM Dynamic Volume Manager offers some helpful features as well. It also allows users to add more disks to a system without the need to rebalance data across all the available resources.

"You can grow the file system, shrink it, migrate it from one underlying storage pool to another without any sort of downtime," Thome said. The ASM also produces read-only snapshots of the file system.

Cloud FS is not the first cluster-file-system-based offering from Oracle. The company alsomanages the open-source Lustre project. Lustre, however, is more suitable for large HPC (high-performance computing) deployments consisting of 1,000 servers or more, Thome said. Cloud FS is better suited to smaller deployments, those around 25 nodes or so, though it has been tested to work with up to 100 nodes.

With Lustre, "you can do a lot of the same things, but it is not for the faint of heart. It takes a lot of configuration and setup. It's not the kind of thing you would do on a small scale," Thome said.

The Oracle Cloud FS can run on Sparc- and x86-based servers running Solaris or Linux, on PowerPC-based servers running IBM's AIX operating system, and on x86-based Windows servers.

The price for the Cloud FS package is US$5,000 per Oracle processor, Oracle's pricing mechanism for multicore processors.

The Internet kill switch idea is already hurting cloud computing

Giving the government the ability to control or even shut down the Internet would scare away organizations moving to the cloud

Pending federal legislation called the Protecting Cyberspace as a National Asset Act of 2010, aka Senate bill 3480, would grant the president of the United States the power to cut Internet access in a declared emergency, including blocking the Web for as many as 30 days, through a new agency to be called the National Center for Cybersecurity and Communications. This concept was introduced last year, and it returned to the forefront this week when the S.3480 bill passed in its committee on the same day Egypt's Internet connection was shut down to curtail widespread government protests.

Bad timing.

The popular myth is that the Internet can't be shut down. This was true in the days of the original peer-to-peer architecture of first ARPAnet and the original Internet, which the U.S. Defense Department designed to be resilient in the face of a nuclear attack or similar event. In such a case, the Internet would automatically reroute itself through accessible nodes. But today, as Egypt learned, the huge backbones that feed Internet service providers can in fact be plugged. Less dramatically, we've seen in the United States that a cut fiber line can leave large communities disconnected for days.

While I don't think this bill will end up as law, the concept of giving the government the ability to monitor, control, and block the Internet makes those organizations looking at the emerging cloud computing space think twice. Why would you put your data and processing in public clouds that depend on Internet connectivity when that connectivity can be pulled from you at any time?

Although I'm not one of those who normally distrusts my government, I can see cases where cloud providers are closed for business due to some security or regulatory issue caused by one cloud tenant, thereby plugging every tenant's access to their data as well until the issue is resolved. If passed, this bill will lead to a slippery slope where more access is cut off as a precaution in the name of safety and security.

Already, the very idea of a government Internet kill switch is spurring changes in user behavior as the more paranoid move their email and calendars back from cloud-based systems to locally controlled servers. If this bill progresses, more will follow suit. The fact that a business could be shut down by the government with just a flick of a kill switch will make many organizations think long and hard about their move to the cloud.