Good afternoon and welcome back to another post from ToBeSecured. As school has started, be careful of online shopping or donating to websites before checking the validity of each one. Hackers make copies of Domain names and without paying attention, we can all become a victim in their schemes. Make sure there aren't any grammatical errors or misspelled words. Also, if a website is asking for unusual information or the prices seem too good to be true, do not second guess yourself as you should check to see if the website is legit. There is nothing wrong with taking that extra step of security versus continuing with a purchase you are unsure of making. This will help to fight against compromised data (data breach), viruses being planted on your device, and identity theft. Be sure to share these tips as I am sharing them with you.
On today's topic of ToBeSecured, I will be discussing a new platform that allows users to authorize how they want their data to be used. I also want to gain your perspective on this idea and how you think it will be a game-changer of technology.
Riverbed, the new platform developed by MIT and Harvard University researchers ensures that web services adhere to users' preferences on how their data is used and stored in the cloud. If you are unfamiliar with cloud computing, take a look around. Everything is stored on the cloud in today's world, from pictures, music, email addresses, social media profiles, and other data. Users of mobile applications or web services, myself included, store this personal data on remote data center servers. Services often combine multiple users’ data across servers to gain insights on, say, consumer shopping patterns to help recommend new items to specific users, or may share data with advertisers. We see it everyday as we wonder how certain ads appear on websites that targets our preferences. Data is taken from web browsers of our daily activities - what we watch, buy, listen to, etc. and is collected for advertising purposes. Traditionally, however, users haven’t had the power to restrict how their data are processed and shared.
In Riverbed, a user’s web browser or smartphone app does not communicate with the cloud directly. Instead, a Riverbed proxy runs on a user’s device to mediate communication. When the service tries to upload user data to a remote service, the proxy tags the data with a set of permissible uses for their data, called a “policy.”
In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.
Users can select any number of predefined restrictions — such as, “do not store my data on persistent storage” or “my data may only be shared with the external service x.com.” The proxy tags all the data with the selected policy.
In the data center, Riverbed assigns the uploaded data to an isolated cluster of software components, with each cluster processing only data tagged with the same policies. For example, one cluster may contain data that can’t be shared with other services, while another may hold data that can’t be written to disk. Riverbed monitors the server-side code to ensure it adheres to a user’s policies. If it doesn’t, Riverbed terminates the service.
What does this mean? I'm glad you asked, but in condensed form, the platform's proxy will handle communication between our devices and the server of the application trying to collect our data. Whatever we allow will be tagged, categorized based upon each restriction that is set, and monitored to ensure our policies are followed. Riverbed aims to enforce user data preferences, while maintaining advantages of cloud computing, such as performing large-scale computations on outsourced servers. The platform is giving us the ability to tell applications how we want them to use our data. It forms a level of trust because this serves as a selling point of the application that says "we care about user's privacy and our goal is to protect it."
And this is just the surface area of the application. There's a deep dive into it as users have their own "universe" or space where their data and restrictions will be placed if they do not want their data aggregated with other users. In 2016, the European Union passed the General Data Protection Regulation (GDPR), which states that users must consent to their data being accessed, that they have the right to request their data be deleted, and that companies must implement appropriate security measures. For web developers, however, these laws provide little technical guidance for writing sophisticated apps that need to leverage user data.
Primarily, Riverbed leverages the fact that the server-side code of an app can run atop a special “monitor” program — programs that track, regulate, and verify how other programs manipulate data. So I ask you, do you think this is a start to changing the game of how our privacy is protected? For a change, here is a topic on the positive side of technology relating to data privacy. Are you on board with this idea or is this too much of a responsibility in dealing with your own rules and regulations? Respond in the comments below or start a discussion under the Forum tab.
Thank you for dropping in and remember ToBeSecured!
Comments