Mastodon Kuan0: 2014

Wednesday, 20 August 2014

Google Glass review: photos & pics

Here is the full version of my review of Google Glass for SCL (some photos are reduced to fit, scaled somewhat peculiarly due to my lack of time - just click on the photo for the full version).  Other photos (including a full photo taken using Glass) and screenshots showing Glass photos metadata are posted at http://blog.kuan0.com/2014/08/google-glass-photos-metadata-recorded.html.

glass-with-frame
glass2
Available in the US from 2013, Google Glass Explorer Edition arrived in the UK in late June 2014 - still in beta, so buyers are “Explorers”,[1] and Glass’s software is continually being updated (release notes and see this link). Glass won’t be available for consumers generally for some time yet.

I tried a demo unit (linked to dummy Google account) in Google’s London showroom,[2] assisted by a “Glass Guide”. Offers to pawn[3] my immortal soul couldn’t garner me a loan. I didn’t get to wear it outside, so couldn’t experience others’ reactions to Glass.

1.  What’s Glass?

A £1000 (incl. VAT), Android 4.4 KitKat wearable computer inside a 43g “headband”, worn like glasses: 5MP panoramic camera (720p video), 12 GB usable storage, 670 mAh lithium-ion battery, accelerometer/gyroscope (not stated in the specs but there must be one given how it works), wi-fi and Bluetooth (official specifications, additional info). Processor and RAM are not mentioned in the official specs, but a public Google+ post stated that new units will have 2GB RAM.

The titanium frame and nosepads are adjustable (press and hold). 5 colours are available (but no left-handed/eyed version) – see various photos.

glass-in-box-noframe

2.  Components[4]

Glass-diagram

1. Bone conductor transducer (“speaker”) – press it to your skull to hear more clearly. I had trouble although the volume was maxed, so the supplied earbud is indispensable in noisy settings. (The CPU and battery are inside the arm bulge – can get hot!)
2. On/off button power - inner side of headband. Press once to deactive/sleep Glass, press and hold to power up/down.
3. Touchpad – outer side of the headband’s right arm; a horizontal touchstrip rather than “pad”, stretching between components 2 and 4 in the diagram above.
4. Camera (the “shutter” button’s on top) and microphone (black vertical strip, inner side).
5. Display (monitor substitute[5]) - a small transparent cuboid on a hinged arm. Look up to the right to view the “screen”; Google analogises it to looking in a rear view mirror (at least for US drivers). Once adjusted properly via the hinge, it’s like viewing a 25” HD display from 8 feet away. Only a few lines of text are displayable.

Micro-USB port - beneath 2(ish), for micro-USB cable or earbud:

glass-usb-labelled-large

There's no hard volume control buttons – although you can change the volume in Settings, while listening to music, or during a phone call.

Here’s another view:

glass-labelled-large



3.  Basics

You can only buy one Glass per Google Account. If you need prescription lenses, you can get a special frame free with your Glass purchase, which Glass screws onto (see photo above). Or free shades instead, if you prefer.

In the box: Glass, pouch, micro-USB to USB cable (for charging, or connection to computer to access photos/videos), mono earbud (+£60 for stereo ones), 2 pairs of spare nosepads.
Warranty: 1 year.
Battery life: meant to be a day; intensive use eg video recording obviously affects that. Charges overnight. Sleeps (screen fades etc) some seconds after you stop interacting with it, to save battery life; tap touchpad or tilt head up to wake it. You can't change the sleep time.
Accessories (pay extra): eg shield, stereo earbuds, case, spare frame (scroll to the bottom of this page).
MyGlass app (iPhone / Android): effectively required, as some functions aren’t possible without it. Accessing the MyGlass website through a computer works, but that’s obviously less portable. You can install MyGlass without having Glass, but you won’t get far!

glass-myglass

The automated setup process makes you accept Google’s Glass terms of use (additional to the terms of sale), links Glass to your Google account, sorts out wifi/Bluetooth pairing, lets you add your top 10 contacts, etc.

4.  Buy?

You need a Google account and credit card. Lasiked? Best check with your doctor first.
  1. Google’s King’s Cross Glass showroom (locked, with beefy security guard).[6] By appointment only. But if you wander by and press buzzer looking pleading and winsome, they might just let you in.

    glass-showroom-KX

    glass-showroom-inside
  2. (Better bet) buy online (also see this) - there are standard terms of sale.

5. Play, not buy?

  1. Updated 23 Aug: Get a demo - you can now book one via https://glass.google.com/getglass/visit/GB (though it's not entirely clear if you can book an appointment just to try, rather than to buy)
  2. Buy, try, return within 30 calendar days for full refund (NB wipe it first!).

6.  Controlling Glass

On wakeup you’ll see the home screen (strictly, home “card”) showing the time and “OK Glass”.

glass-home-clock_160

Voice commands: while viewing the home card, say “OK Glass” to call up menu (nod up/down to scroll vertically); say menu option name.

glass-menu

Speak clearly and slowly, voice recognition isn’t perfect! When composing a message etc, it transcribes voice to text, but you can’t correct just the last word - you’ll have to start over.

Touchpad: used for many functions, eg tap to activate/OK/wake from sleep. Recognises tap and swipe forward/back/down (not up). Down means back/"escape"/home. For many menus you need to keep swiping for the next option.

Bluetooth keyboards may work, with tinkering (eg this link and this link). Google itself has patented a projected virtual keyboard. Someone’s produced a touchpad-controlled on-screen keyboard. People are working on remote controllers for Glass via Bluetooth (another example), maybe even full-size virtual keyboards (via bracelets).

7.  Functions/features

Glass is integrated with Google’s services, unsurprisingly. So, Google services will “push” emails/notifications etc on-screen. Functions include:
  • Search – say “OK Glass. Google [search term]”. (Interesting given Google’s trademarks battles to stop “Google” becoming a generic term for “search for Internet stuff”!)
  • Browsing - you can view websites found through searching, but not by spelling URLs.
  • Watch/listen to YouTube videos (again, search for them).
  • Make/take calls – works as a Bluetooth headset, if paired. Android/iPhone recommended.
  • Gmail – get notifications of newly-arrived emails to read, reply, star, archive, delete.
  • Send messages, photos etc – not just via Gmail but also Hangouts, SMS (Android only, not iOS). You need MyGlass to select email as a method. Talk, and text appears!
  • Google Calendar – see events for next 2 days, edit events, etc. I’m told events can be added too.
  • Google+ - view notifications, +1 or comment on posts, start or join video calls, share photos/videos with contacts/circles
  • Take photos “with some software improvements, like HDR” – 3 options (preview via a “viewfinder”):
    1. voice command
    2. “shutter” button
    3. (when that setting’s enabled) wink. Warning: blinking may result in inadvertent snaps…
    You can even take photos with mind control (by adding a biosensor EEG headset)! You can also snap“vignettes”: photos with the Glass display overlaid. There's no optical zoom but developers have created some apps enabling digital zoom. Filesize varies, could be 700KB->1MB
  • Record video – stops after 10 seconds unless you continue it (no audio recording's available, unless someone writes an app).
  • Share photos etc – via Hangouts, Google+ etc; post videos direct to YouTube.
  • Navigation/directions – see 10.
  • Google Now – “in-the-moment information based on your Google Now Settings”, including Weather, Stocks, Sports, and Flights. Includes notification of Now reminders, supposedly even finding where you’ve parked your car. This function seems potentially the most useful, but there’s obvious privacy implications – no room to discuss them here.
  • Translate foreign signs (Word Lens - amazing and currently free! Also on iPhone; Android Play Store).
  • Google Play Music – listen to your Play library music.
  • Screencast to Android tablet/phone – mirrors Glass display via Bluetooth.
  • Transfer photos/videos to computer – Glass behaves like a camera, when connected via cable. Only photos/videos are accessible in this way, but Google may change that if people would like access to other files. You can copy, rename, or delete photo and video files. However, renaming them will make them no longer available in the timeline (covered later). You can’t manage the files on Glass through your computer beyond that.
  • Backups – when Glass is charging and connected to wifi, an autobackup feature (enabled by defaul) will automatically sync photos/videos to a (supposedly private) folder or “album” on your Google+ account (without deleting them from Glass), and also autoupdate itself. I'm told that no other items are synced to Google+, currently. You can force initiation of backup manually. Stopping Glass autobackup from automatically copying your “private pictures” to Google+ seems much trickier[7] - a setting to disable autobackup would benefit privacy-conscious users. Another issue seems to be that deleting media from Glass, to free up space, deletes it from G+ as well (ie it syncs rather than backs up), which may defeat the object of backups. I'm told that:
    • An autobackup "clear" function removes items from Glass that are already backed up, but leaves backups intact.
    • Deleting photos via a timeline card – deletes from both Glass and online
    • Deleting from Glass via connected computer – deletes only from Glass.
  • Have it read emails etc aloud. It can also describe aloud what you touch, select etc.

8.  Use

A “card” fills the screen, eg home card, settings, calendar event notification, email/SMS notification, photo snapped, news event pop-up. (Experimental) “notification glance” opens the email etc on glancing up after receiving the notification. When notifications arrive, Glass also chimes.
glass-message
glass-now-notification
glass-calendar

Texts and emails are copied to internal memory and the timeline. As stuff happens or you do things, cards get saved to a “timeline”. New cards “push” older cards to the right. Scroll through cards in the timeline by swiping back/forwards. Related cards can be grouped in a “bundle”, eg Settings, upcoming calendar events. Cards are removed from the timeline in 7 days/after 200 cards. Check the timeline to view any notifications arriving during sleep.

9.  Apps (“Glassware”)

Unlike Google Play/iTunes apps, the Glassware Gallery of (Google-tested/approved) third party apps, ie “web services that can send content to and from Glass”, is accessible only through Glass + MyGlass. Glassware (unofficial directory, about 60 so far) includes Shazam music recognition, Twitter, Evernote, Guardian and other news apps, etc. No apps yet for speech to text notes (although you could email or text yourself a note), or PDF/Ebook reading, and porn apps were banned! There’s help/info for developers, including a downloadable SDK (software development kit), and current development seems particularly focused on medical applications.

10.  Limitations/issues

Perfect vision or contacts is best. Myopic me couldn’t see anything without holding it over my regular glasses.
glass-overglasses

But, it’s not designed to fit over specs. So you need a special frame (currently free if buying Glass, +£175 per extra frame, 4 styles available); then go buy prescription lenses, pay specialist opticians, pay again if your prescription changes.[8] Again there’s a range, including shades.

glass-display-range

MyGlass seems essential for some basic functions eg Gmail contacts, selecting how to send stuff (email, SMS etc – no SMS option with iOS). In my view Glass alone isn’t enough; ideally you need an iPhone or (better still) Android smartphone, to use Glass to its fullest with MyGlass.

It’s uncomfortable (even painful) to keep looking up/right continuously. Google recommends trying it for 30 mins the first day, then building up. However it’s not meant for prolonged continuous use,[9] but for short “micro-interactions”, so as not to distract you too much while hot air ballooning (as you do). That’s why the display’s small, Google says.

glass-message-while-ballooning

Even during my demo, a “Glass must cool down to run smoothly” message appeared; it downed tools, needing at least a minute’s rest before working again. I didn't time it, but my continuous use couldn't have been for more than 20-30 minutes when that message appeared, probably less. Can’t see how you’d video a full-length movie, despite cinemas’ fears!

Environment - with ambient noise, eg someone speaking loudly at the other end of the room, it’s hard to hear without the mono earbud. In bright sunlight, the display may be hard to see.

Navigation/getting directions requires a Bluetooth-paired GPS-enabled phone. Most other functions/apps need connectivity. For Glass to join secured wifi networks, use MyGlass on your linked phone or the Glass website on a computer. Otherwise, Glass can only join open wifi networks (as there’s no keyboard to enter passwords). But you can tether Glass to your phone via Bluetooth or wifi to use your mobile data plan, if your network allows it. A few apps don’t need connectivity, like Star Chart.

You have to trawl through the timeline to find things. There’s no timeline search, no structured way to access saved data eg “all photos”, “all emails”, etc. There’s no file manager eg to delete photos in bulk, even via MyGlass, though you can “clear” all media stored on Glass in one go.

11.  Security

The screen’s transparent. People can see what you’re seeing - if they peer closely and can read reverse text. You’d notice! Similarly, they’d have to be uncomfortably close to hear anything, or to issue voice commands that would be recognised (voice recognition is not tied to the individual user).

To secure Glass better and deter Glass-snatchers:
  • Set a screenlock code: a sequence of 4 steps, each comprising 1 of 10 different options: tap, swipe forward, swipe back, hook swipe forward, hook swipe back, each of which can be done with 1 or 2 fingers, giving 10,000 possible screen lock (or, strictly, unlock) patterns. Glass automatically locks after about 5 seconds’ inactivity, or on touching the power button, and if you've set a lock code then you'll have to enter the correct pattern to unlock it on waking it after sleep.[10]
  • Set “On head detection”, so that Glass automatically deactivates on removal, whether by you or a would-be Glass thief (and it wakes on putting it on).
After 10 failed attempts to enter the correct pattern, Glass locks itself out for a short period of time, during which you can’t attempt any pattern. Each successive failure locks it out for a longer period. After 15 attempts, you’re locked out permanently. When locked out, you can go to the MyGlass site or app and unlock it from there – it’ll generate a barcode that Glass will scan to unlock.

However, be warned that photos/videos stored on Glass are easily accessible just by connecting it to a computer, even if you've set a screen lock code. Also, texts and emails etc are stored in internal memory. If someone stole your Glass, I don't know how easy it would be to retrieve your emails etc too. If Glass offered full disk encryption (FDE) and you enabled it, that would scupper snoops or at least make their life much harder.

Google wouldn't tell me if Glass has FDE or not, but given the accessibility of photos/videos through USB, I imagine not. As Android tablets/phones offer FDE (albeit crackable), I hope Google will start supporting this for Glass.

The good news is that apparently people using Glass in sensitive settings (financial, government etc) can program Glass to their requirements. Eg Google said developers could change the voice command from “OK Glass”.

Google may deactivate your device if you tell them it’s lost/stolen, but that doesn’t delete data. However, Google says you can erase your device remotely via MyGlass or the Glass website, which wipes the device as soon as it connects to a network thereafter. A factory reset is possible through the Settings also. I don't know how thorough the wipe is - Google didn't tell me if that zeros all (or indeed any) data, how many passes are used etc, and how easily retrievable data may be after the erasure. But reportedly a reset doesn't fully wipe some other Android tablets or smartphones (Avast report including link to free app to overwrite files), and no overwriting app for Glass appears to be available yet.

12.  (Other people’s) privacy

People can see when the screen’s active (lit up) even from a distance. Though you could just be viewing a notification. They can’t tell if you’re taking a photo or recording a video unless you press the shutter button or wink. But any extra "mind control" headset's pretty obvious, and extending a video recording beyond 10 seconds requires tapping (though again you might be tapping to do something else). Glass can even be used to read other people’s phone/tablet passwords!

As for Glass users’ privacy (eg metadata saved with photos) and developer issues, that’s for another article (for space reasons), but I'll say for now that I was told no GPS location metadata is automatically saved with photos – though date/time data are saved (see details of the types of metadata automatically recorded with Glass photos).

13.  Other questions

Would you feel comfortable driving wearing them? Once used to it, and if it was in overglasses form (see below), I’d feel comfortable driving with it on, though I’d probably keep it in sleep unless I needed nav help. I’m not sure if you can disable everything except nav to minimise distraction (especially notifications), but that feature would be useful. For navigation while driving I’d prefer the screen to be top left or at the bottom, where checking it occasionally feels more natural than top right Top right might be fine for Americans or others where the driver's seat is on the left; less so for UK drivers. Google's terms of use has a disclaimer regarding using nav while driving; if I acted for Google I'd extend that to using Glass generally (not just nav) while driving, as notifications may be as distracting.

Does it make you feel constantly connected, or just connected whenever you wish to be? Is it intrusive / disruptive to your life having them always there, or is it just convenient? As it goes to sleep quite quickly, it’s only connected intermittently. Subject to the overglasses point below,[11] they wouldn’t feel intrusive or disruptive to me. Eg if notifications would be disturbing during a meeting, just put it to sleep until you’re ready to receive them. Whether others might find it intrusive is a different matter! Anecdotally I’ve heard of someone removing them and putting them round his neck, clearly inactive, before entering the men’s room. That might be part of evolving etiquette.

What unstructured data would you want it to structure? I didn’t quite follow this question. It’s meant for use on the go, receiving useful info like email notifications, or taking photos/videos hands-free – it’s not designed for structuring data (and see my file management/search points).
Other questions – (including by private message) were mainly on data/content and rights, which for space reasons I’ll cover in a separate future article.

14.  If only…

No frame’s available that’s designed to fit over one’s regular glasses. A Googler suggested that perhaps overglasses were thought unfashionable. True, some overglasses are functional, but others can be quite blingy. And some people can’t or don’t want to wear contacts or buy another frame just to use Glass.[12] I think more people would buy Glass, who wouldn’t otherwise, if an overglasses version were made available, at least for the general consumer release.

Personally, what I crave is a sub-500g laptop replacement for working on the move.[13] To me, Glass’s key innovation is that it obviates the need for a large (and heavy) physical screen, producing similar results for users through projection. I hope that eventually, as batteries become lighter, Google will release an overglasses model with:
  • much bigger screen (as seen by users) – particularly for those of us with ageing eyes
  • different design, hinged so that the screen can be moved into the middle of the user’s vision (much easier viewing than up/right) when desired, and moved back to the side when not.[14] That would enable users to read War & Peace comfortably on Glass – some would want to!
  • support for fast input via a full-size (but light) keyboard – whether portable Bluetooth or virtual keyboard using (not heavy) bracelets/rings
  • apps for reading and annotating PDFs, ebooks and other documents – and ideally writing/editing them too, eg Office for Glass? (in combination with full keyboard support, of course)
  • much longer battery life, and a processor/apps suited to extended continuous use, and
  • full disk encryption enabled by default, at least when you set a lock pattern.
Easier searching and file management would also be good, perhaps via another “remote control” device such as smartphone or computer (but with adequate security).

The above represents my own wishlist, but there are other use cases. A friend who’s a keen bird ringer would love to have a voice-activated, voice-output, wearable computer with the BTO app, so that while your hands are occupied handling a bird you could say “Fieldfare” and the computer would say and display “Fieldfare: Full grown ring C, Pulli ring C”, giving you the info hands-free - and ideally you should be able to scroll via voice alone too.

In terms of possible "legal" uses for Glass, Neil Brown has suggested a few:
  • Simultaneous translation of foreign language documents: as you are looking at a document, Google Glass converts the particular paragraph to your preferred language — perhaps enough for getting a gist of something, if tuned with a legal dictionary.
    • But this isn't possible yet – Word Lens is excellent, however it only works on quite large text, ie on signs. Hopefully in future the camera and app will both improve enough to make this possible.
  • As you read through a document, it captures the text, OCRs it, and turns it into a file for you to edit — perhaps even "dictating" notes as you read, which are then appended to that digital file for subsequent incorporation.
    • Again, if only! This expands in more detail on my own document reading/annotation wishlist item. OCR seems dependent on camera quality and app availability, especially as they would have to cater for any unsteady hands holding a document, and as previously mentioned an audio note transcription app isn't yet available (which would need more fine-grained error correction than "start all over again" if one word is transcribed wrongly).
  • Advocates in court, so that others can "pass notes" to them without having to shove pieces of paper around.
    • Yes, this is possible by sending an email or text to the advocate. It would be great if you could quickly put Glass into "restricted mode" in court, a kind of filter that lets through only important messages from (pre-defined, editable) contacts or groups of contacts, to prevent too many distractions in court or indeed meetings – then disable restricted mode again when you're out. It would be interesting to see if courts ban Glass, even for open sessions.
  • A presenter's notes available to them on a per-slide basis, just a quick glance away; no more need for shuffling papers in the hand, or looking down to a screen on the floor, tying you to one place on the stage. Or even just the "next build" for the current slide — moving the presenter view right into the presenter's view.
    • Again, not possible yet, see my wishlist item on "Office for Glass" – but hopefully one day!

15.  More info

16.  Verdict

As Google makes very clear, Glass is still in beta. Developers with an eye to the future of computing will certainly want, indeed need, one. As for everyone else, those earning below partner/professor/“head of” levels might understandably balk at paying £1000 for a beta product, unless of a pioneering bent or won over by the cool factor.

Personally, I’d happily buy one even at that price – but only if and when my wishlist features are incorporated, because a laptop replacement is my own ideal use case for Glass, and yes I’d don bracelets and not care how it looked! Until then, I’d consider Glass should the price be significantly reduced, but it’s probably of most benefit to Now and Plus users, and I’m not big on either.[15] So, for the features Glass currently offers, my smartphone is good enough for me, for now.

Info in this review was gleaned from quizzing Google staff at the demo, at Glass's London developers’ launch or from Google’s website. Some graphics are from Google’s site, used with Google's kind permission. Many thanks to the Googlers for their patient answers, which were of course to support the demo and are in no way official Google statements! This review is written in my personal capacity only.

© W Kuan Hon, 2014. This review may be copied/redistributed under a Creative Commons CC-BY-NC 2.0 UK licence, attributing Kuan kuan0.com and linking to this review ie http://blog.kuan0.com/2014/08/google-glass-review-photos-pics.html.


[1] Sometimes, somewhat unfortunately, known as“Glassholes”. So much so that Google released an etiquette guide of dos and don’ts for Explorers… including don’t “be creepy or rude”!
[2] Which Google calls Basecamp, but I’m tempted to call a Glass House.
[3] Not “surrender forever”. Not daft, me.
[4] Some patent diagrams have been posted.
[5] Helpful graphic on the science http://www.tagseoblog.com/how-google-glass-works-infographic
[6] Google asked me not to disclose the address, so no amount of coercion or bribery will get me to reveal it, no sirree. Not even chocolate. Updated 23 August: Google have since revealed the location publicly so I'll add it - it's 10 Stable Street, London N1C 4AB
[7] Including reports that disabling Google+ from Glassware didn’t work, and that Glass uploaded a private album from a paired iPhone! It seems the best if long-winded solution is to disconnect Glass from your phone and wifi, snap your “private pictures”, transfer them to a computer via the USB cable, delete them from Glass, then re-enable Glass connectivity…
[8] Could prove very expensive if you need more than one pair like me, but hopefully few people have eyesight as bad as mine. Disposable contacts aren’t available in a high enough prescription for my tiny bulgy eyes.
[9] “Glass is designed for micro-interactions, not for staring into the screen, watching Friday night movie marathons or reading "War and Peace."”
[10] The previous link says that Glass locks only on turning Glass off – but fully powering down isn't the same as just putting it to sleep, strictly. However, Google assured me that after pressing the power button once to deactivate it also locks it.
[11] Glass wouldn’t stay in place without my holding it over my specs. I can’t see without prescription lenses, and multiple prescription frames would be too expensive for me!
[12] Personally I’d have to buy another 2 frames just to use Glass. Were an overglasses version available, one unit would be all I’d need.
[13] Yes, I meant sub-500g. Sub-1 kg is still too heavy if you’re short, feeble, unfit – and/or have back problems. Teenagers, kids and some women would relish full computers weighing under 500g; even some men have bad backs.
[14] And even further in the future, get the screen to move into the centre automatically with a voice command, and out again with another!
[15] Now for privacy reasons - I’m still unclear exactly which parts of Google’s privacy policy apply to Now. I want to know details of what info it collects, who gets it, and exactly what they do with it, not vague/general purposes, so I don’t use Now on my Android tablet.
Plus, ditto – Google recently backpedalled on its initial insistence on real names, but did so too late for me. If it had allowed pseudonyms from the outset I would have tried it and maybe even moved on to using it with my real name, but currently I don’t have the time/energy/braincells to make the effort.

Tuesday, 19 August 2014

Google Glass photos - metadata recorded

What metadata is automatically recorded when you snap a photo with Google Glass? See screenshots below (which also give some info about the camera eg image size 2528x1856, sRGB, F-stop f/2.5, exposure time 1/297 sec, ISO-68). You'll see that no EXIF data on GPS location or place is saved with the picture, but "Date taken" is recorded. Updated: here's the link to my review of Google Glass for SCL.

glass-metadata1 

glass-metadata2
 glass-metadata3
 And here's a photo of a display case in the London Glass showroom (Basecamp, which I call a Glass House!):

glass-display-range
Plus (with permission) a photo taken using Glass itself - click on the image for the full-sized version:

Glass 20140806_194356_979

Wednesday, 23 April 2014

Cloud security principles - updated UK government guidance - markup

The UK government just updated their (alpha) cloud security principles guidance, first issued in Dec 2013.

There's now a set of several UK government cloud security guidance documents. The new documents are as follows (all still in alpha, comments sought):

As they didn't provide a markup or redline (maybe next time?), below is a basic (text-only) comparison of the changes made to the Dec 2013 version of the UK government cloud security principles. Some of the deleted text has been moved to the implementation guidance.

 

Guidance

Cloud Service Security Principles

Published 19 December 2013

Updated 23 April 2014

Contents

Data in transit protection

Asset protection and resilience

Separation between consumers

Governance

Operational security

Personnel security

Secure development

Supply chain security

Secure consumer management

Secure on-boardingIdentity and off-boardingauthentication

ServiceExternal interface protection

Secure service administration

Audit information provision to tenantsconsumers

Secure use of the service by the consumer

Glossary

Note: CESG’s Cloud Security Guidance is currently in ALPHA. Please send any feedback to the address [email protected].

This document describes principles which should be considered when evaluating the security features of cloud services. Some cloud services will provide all of the security principles, while others only a subset. It is for the consumer of the service to decide which of the security principles are important to them in the context of how they expect to use the service.

Some serviceThe security principles are part of the Cloud Security Guidance, which also includes guidance on implementing the principles and risk managing the use of cloud services. Service providers may take different approaches in implementing the principles, which will be able to offer higher attract different levels of confidence in how they implement the different security principles.risk. Risks associated with common implementation methods are set out in the guidance. Consumers will need toshould decide how much, if any, assurance they require in the different security principles which matter to themimplementation approaches.

These principles apply equally to Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) as defined by NIST.

1. Data in transit protection

The confidentiality and integrity of Consumer data transiting networks should be adequately protected whilst in transit.

The following aspectsagainst tampering and eavesdropping (integrity and confidentiality). This should be specifically considered:

Consumer via a combination of network protection (denying your attacker access to service

Withinintercept data) and encryption (denying the service (ability to for example, betweenan attacker to read data centres)).

2. Asset protection and resilience

Data should be physically secure as it is processed by and stored within the service. This security should be based on suitable physical security controls within data processing, storage and management locations.

The business requirements for availability of the service should be an important consideration when choosing a cloud service. The consumer should ensure that a contractual agreement is in place with the service provider which adequately supports their business needs for availability of the service.

The legal jurisdiction of the service will be an important consideration for many consumers, especially if they wish to use the service to store or process personal data. This principle depends on the physical locations of processing, storage, transit and management of the service.

The following aspects should be specifically considered:

Location of data centres hosting the service

Security surrounding those data centres

Location of service management facilities

How the confidentiality and integrity of data-at-rest will be maintained

Availability of the service

Consumer data, and the assets storing or processing it, should be protected against physical tampering, loss, damage or seizure.

3. Separation between consumers

Separation should exist between different consumers of a service should be achieved at all points within the service, including across compute, storage and networking resources.

An important consideration will be whether the service isto prevent a public, private,malicious or community, shared cloud service; if all tenantscompromised consumer from affecting the confidentiality, integrity or availability of the service are known to be trustworthy then less confidence in the separation propertiesanother consumer of the service may be acceptable.

4. Governance

The service provider should have a security governance framework that coordinates and directs their overall approach to the management of IT systems, services and information. A clearly identified, and named, senior executive should be responsible for security of the cloud servicethe service and information within it.

5. Operational security

The service provider should have processes and procedures in place to ensure the operational security of the service.

The following aspects should be specifically considered:

Configuration and change management

Vulnerability management

Protective monitoring

Incident management

6. Personnel security

Service provider staff should be subjected to adequate personnel security screening for their role. At a minimum this should include identity, unspent criminal convictions, and right to work checks. For roles with a higher level of service access, the service provider should undertake and maintain appropriate additional personnel security checksand security education for their role.

7. Secure development

The serviceServices should be designed and developed in a secure fashion and should evolve to identify and mitigate new threats as they emergeto their security.

8. Supply chain security

Cloud services often rely upon third party services. Those third parties can have an impact on the overall security of the services. The service provider should ensure that its supply chain satisfactorily supports all of the security principles that the service claims to deliverimplement.

9. Secure consumer management

Consumers should be provided with the tools they needrequired to help them securely manage their usage of the service.

The following aspects should be specifically considered:

Authentication of consumers to management interfaces

Separation of consumers within management interfaces

Authentication of consumers within support channels

Separation of consumers within support channels

10. Secure on-boardingIdentity and off-boardingauthentication

The service should be provisioned to consumers in a known good state, and their data must be satisfactorily deleted when they leave the service. When physical storage components reach their end of life, the service provider should make appropriate arrangements to securely destroy or purge any consumer data they held.

Consumer and service provider access to all service interfaces should be constrained to authenticated and authorised individuals.

11. ServiceExternal interface protection

All external or less trusted interfaces of the service should be identified and have appropriate protections to defend against attacks through them.

The following aspects should be specifically considered:

Connections to external services on which the service depends

Dedicated connections to tenants

Remote access by service provider

Publicly exposed services

12. Secure service administration

The methods used by the service provider’s administrators to manage the operational service (monitor system health, apply patches, update configuration etc.) should be designed to mitigate any risk of exploitation which could undermine the security of the service. The security of the networks and devices used to perform this function should be specifically considered.

13. Audit information provision to tenantsconsumers

Consumers should be provided with the audit records they need in order to monitor access to their service and the data held within it.

14. Secure use of the service by the consumer

Consumers will have certain responsibilities when using thea cloud service in order for their use of it to remain secure, and for their data to be adequately protected.

Depending on the type of service, the consumer will have responsibilities relating to the following topics:

Audit and monitoring

Storage

Networking

Authentication

Development security

End user devices used to access the service

Secure configuration of the service

Patching

15. Glossary

Management interface a service exposed to consumers or service provider administrators to allow administrative tasks to be performed.

Support channel an online, or out of band (e.g. telephone), communication channel which consumers can use to obtain support from the service provider.

On-boarding the process of a consumer moving on to the service.

Off-boarding the process of migrating a consumer away from a service.

Public, private and community cloud refer to the NIST definitions of these terms.

Consumer a tenant of the cloud service.

Sunday, 13 April 2014

Cloud computing: IaaS, SaaS, PaaS

What's the difference between IaaS, PaaS and SaaS? There still seems to be confusion especially about PaaS. I hope this will help.

Consider what lies behind using a software application, like email. (I will be simplifying and generalising below, to get the point across, so no need to point out eg that some languages are interpreted, that some programs can be run directly without installation, and that PaaS applications may need to be coded to integrate with the specific PaaS provider’s libraries!).

  1. The application is coded – someone writes the application in a programming language like C++, Python etc.
  2. The application is compiled – the code is converted into a form that can be run on a particular operating system eg Windows, Mac, Linux, Android, iPhone (iOS) etc.
  3. The application is acquired – eg downloaded from a website, obtained on DVD.
  4. The application is installed on the operating system – eg doubleclicking an .msi file in Windows.
  5. The application is run and used by the user – eg doubleclicking on the program filename.

Non-cloud – the end user of the application typically only takes steps 3-5, or even just 5 on a corporate network where the IT department has already taken care of 3 and 4.

SaaS – the cloud user only takes step 5, typically by logging into the SaaS service over the Internet (or company network) to access the application, instead of clicking on a local program name; the SaaS provider takes care of all the rest.

IaaS – the cloud user must take care of ALL of steps 1-5. In addition (consider this a step 3.5!) it must also manage its own VMs including creating VMs and installing the operating systems on its VMs (though it can use snapshots). But it could use someone else’s code (eg open source software) rather than writing the code itself (in which case it skips step 3). Or it could use someone else’s application, go straight to step 3 and install the application in its cloud VM on top of the operating system it installed, assuming the application licence allows installations in VMs. In step 5 the individual end users could be the employees of the cloud user organisation, or its customers, or both.

PaaS – the cloud user only takes care of step 1, again writing its own code (normally using an SDK or software development kit downloadable from the provider) or obtaining code from elsewhere. The PaaS provider handles steps 2-4. Step 1 can be and is often done locally, then the code is uploaded to the PaaS provider. Again, in step 5 the end users could be employees of the cloud user organisation or its customers. Hence startups offering new services over the web, eg mobile applications, like using IaaS or PaaS because they don’t have to buy equipment to service their customers, they can just focus on running their systems (in IaaS) and coding (in both). With PaaS, they don’t even have to manage IT systems - they can concentrate just on coding. Hence the ‘platform’ in PaaS – it provides a ‘platform’ for PaaS users to code their applications, deploy their applications (to servers provided by the PaaS provider) and host their applications (on servers provided by the PaaS provider), so that the applications are available for use by their end users over the Internet or corporate network.

Wednesday, 12 February 2014

9 Ds of Cloud Computing - what's different about cloud?

Here are my 9 Ds of Cloud Computing - D for Differences (which I produced for my Information Security FS 2013 presentation).

Cloud computing is a form of sourcing / outsourcing, of IT resources. But -

  1. Disassociation - separation of the physical from the logical is common (eg physical access to data vs logical, often remote, access); and so is separation of ownership vs control vs use
  2. Diverse supply chain (hardware, software, services); even layers of services are possible, eg:

    image
  3. Don’t always know or have influence over all suppliers - customers are in quite a different position from traditional outsourcing, it's often a 'cloud of unknowing' for customers, who may not always be able to find out full information about sub-providers etc, or be able to negotiate providers' standard contract terms
  4. ‘Direction of travel’ is reversed - if using sub-providers. In traditional outsourcing, a customer may go out to tender with details of the service it seeks, discuss the position with several shortlisted potential providers and narrow it down; the provider finds sub-contractors to help it deliver the service requested by the customer. In cloud, SaaS (or even PaaS) providers often build their services on top of pre-existing IaaS or PaaS services, then offer their services to customers, ie the 'direction of travel' is the opposite from that in traditional outsourcing; and opportunities for customising the service are limited
  5. DIY - cloud involves the self-service use by customers of  IT hardware / software infrastructure, offered as  services, such as software applications in SaaS or virtual servers in IaaS; the provider doesn't actively process data for customers
  6. Design – the design of the individual service (as well as user measures eg encryption, which the service may or may not facilitate) will affect the extent to which the provider has access to user data, including encrypted data. Key access is also critical - if the user has encrypted the data but the provider can access the key, it can still access intelligible data. Conversely if the provider has encrypted user data and manages the key securely, any sub-provider(s) may not be able to access intelligible user data.
  7. Data – cloud-processed data are often:
    1. distributed, which overlaps with the following, that cloud data may be
    2. divided into chunks / fragments which are stored, and sometimes processed, separately 
    3. duplicated (multiple replicas or copies of data may be taken, perhaps to different geographical locations, for backup/business continuity purposes),
    4. 'deleted' in different ways - deletion may only delete 'pointers' to data rather than scrubbing underlying data, which are gradually over-written over time; even any scrubbing of data may be achieved to different degrees of deletion (and security), and duplicates of data stored in backups, etc may not get deleted
  8. Dependence – on shared, third party resources - including the customer's Internet connectivity
  9. Degrees of control, eg regarding security issues, differ with the situation - it's not one size fits all (see table below)

image

Table © Cloud Security Alliance reproduced with permission

See also: previous post about the 12 Cs of Cloud Computing (here's the full SCL article: The 12 Cs of Cloud Computing: A Culinary Confection), including explanations of SaaS, PaaS and IaaS for those not familiar with the terms.

Monday, 6 January 2014

OECD Privacy Guidelines – changes between 1980 and 2013 versions – comparison / markup / redline

Here's a markup showing changes between the 1980 and 2013 versions of the OECD Privacy Guidelines (ie Annexes to the Recommendations), aka the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, as I've not found anything similar online.

I used Word's automated comparison feature, tidied up a bit, so the last few paragraphs are not as clear as they could be, but they're usable enough. Obviously I've not compared the explanatory memoranda as they're very different.

GUIDELINES GOVERNING THE PROTECTION OF PRIVACY AND TRANSBORDER FLOWS OF PERSONAL DATA

PART ONE. GENERAL

DEFINITIONSDefinitions

1. For the purposes of these Guidelines:

a) "data“Data controller" means a party who, according to domesticnational law, is competent to decide about the contents and use of personal data regardless of whether or not such data are collected, stored, processed or disseminated by that party or by an agent on its behalf;.

b) "personal“Personal data" means any information relating to an identified or identifiable individual (data subject);).

c) “Laws protecting privacy” means national laws or regulations, the enforcement of which has the effect of protecting personal data consistent with these Guidelines.

d) “Privacy enforcement authority” means any public body, as determined by each Member country, that is responsible for enforcing laws protecting privacy, and that has powers to conduct investigations or pursue enforcement proceedings.

e) "transborder“Transborder flows of personal data" means movements of personal data across national borders.

Scope of the Guidelines

2. These Guidelines apply to personal data, whether in the public or private sectors, which, because of the manner in which they are processed, or because of their nature or the context in which they are used, pose a dangerrisk to privacy and individual liberties.

3. TheseThe principles in these Guidelines are complementary and should be read as a whole. They should not be interpreted:

a) as preventing:a) the application, of different protective measures to different categories of personal data, of different protective measures depending upon their nature and the context in which they are collected, stored, processed or disseminated; or

b) the exclusion from the application of the Guidelines of personal data which obviously do not contain any risk to privacy and individual liberties; or

c) the application of the Guidelines only to automatic processing of personal data.

b) in a manner which unduly limits the freedom of expression.

4. Exceptions to the Principles contained in Parts Two and Three of these Guidelines, including those relating to national sovereignty, national security and public policy ("ordre public"), should be:

a) as few as possible, and

b) made known to the public.

5. In the particular case of Federalfederal countries the observance of these Guidelines may be affected by the division of powers in the Federation.federation.

6. These Guidelines should be regarded as minimum standards which are capable of beingcan be supplemented by additional measures for the protection of privacy and individual liberties., which may impact transborder flows of personal data.

PART TWO. BASIC PRINCIPLES OF NATIONAL APPLICATION

Collection Limitation Principle

7. There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

Data Quality Principle

8. Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

Purpose Specification Principle

9. The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.

Use Limitation Principle

10. Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 except:

a) with the consent of the data subject; or

b) by the authority of law.

Security Safeguards Principle

11. Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.

Openness Principle

12. There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.

Individual Participation Principle

13. An individualIndividuals should have the right:

a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;them;

b) to have communicated to himthem, data relating to himthem

i. within a reasonable time;

ii. at a charge, if any, that is not excessive;

iii. in a reasonable manner; and

iv. in a form that is readily intelligible to him;them;

c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and

d) to challenge data relating to himthem and, if the challenge is successful to have the data erased, rectified, completed or amended.

Accountability Principle

14. A data controller should be accountable for complying with measures which give effect to the principles stated above.

PART THREE. IMPLEMENTING ACCOUNTABILITY

15. A data controller should:

a) Have in place a privacy management programme that:

i. gives effect to these Guidelines for all personal data under its control;

ii. is tailored to the structure, scale, volume and sensitivity of its operations;

iii. provides for appropriate safeguards based on privacy risk assessment;

iv. is integrated into its governance structure and establishes internal oversight mechanisms;

v. includes plans for responding to inquiries and incidents;

vi. is updated in light of ongoing monitoring and periodic assessment;

b) Be prepared to demonstrate its privacy management programme as appropriate, in particular at the request of a competent privacy enforcement authority or another entity responsible for promoting adherence to a code of conduct or similar arrangement giving binding effect to these Guidelines; and

c) Provide notice, as appropriate, to privacy enforcement authorities or other relevant authorities where there has been a significant security breach affecting personal data. Where the breach is likely to adversely affect data subjects, a data controller should notify affected data subjects.

PART FOUR. BASIC PRINCIPLES OF INTERNATIONAL APPLICATION: FREE FLOW AND LEGITIMATE RESTRICTIONS

16. A data controller remains accountable15. Member countries should take into consideration the implications for other Member countries of domestic processing and re-export of personal data. under its control without regard16. Member countries should take all reasonable and appropriate steps to ensure that transborder flows of personal data, including transit through a Member country, are uninterrupted and secure.the location of the data.

17. A Member country should refrain from restricting transborder flows of personal data between itself and another Member country except where (a) the latter does not yetother country substantially observeobserves these Guidelines or where(b) sufficient safeguards exist, including effective enforcement mechanisms and appropriate measures put in place by the re-export of such data would circumvent its domestic privacy legislation. A Member country may also impose restrictions in respect of certain categories of personal data for which its domestic privacy legislation includes specific regulations in view of the nature of those data and for which the other Member country provides no equivalent controller, to ensure a continuing level of protection. consistent with these Guidelines.

18. Member countries should avoid developing laws, policies and practices in the name of the protection of privacy and individual liberties, which would create obstaclesAny restrictions to transborder flows of personal data that would exceed requirements for such protection.should be proportionate to the risks presented, taking into account the sensitivity of the data, and the purpose and context of the processing.

PART FOUR.

PART FIVE. NATIONAL IMPLEMENTATION

19. In implementing domestically the principles set forth in Parts Two and Threethese Guidelines, Member countries should:

a) develop national privacy strategies that reflect a co-ordinated approach across governmental bodies;

b) adopt laws protecting privacy;

c) establish legal, administrative or other procedures or institutions for the protection of privacy and individual liberties in respect of personal data. Member countries should in particular endeavour to:and maintain privacy enforcement authorities with the governance, resources and technical expertise necessary to exercise their powers effectively and to make decisions on an objective, impartial and consistent basis;

a) adopt appropriate domestic legislation;

bd) encourage and support self-regulation, whether in the form of codes of conduct or otherwise;

ce) provide for reasonable means for individuals to exercise their rights;

df) provide for adequate sanctions and remedies in case of failures to comply with laws protecting privacy;

g) consider the adoption of complementary measures which implement the principles set forth in Parts Two and Three; and, including education and awareness raising, skills development, and the promotion of technical measures which help to protect privacy;

eh) consider the role of actors other than data controllers, in a manner appropriate to their individual role; and

i) ensure that there is no unfair discrimination against data subjects.

PART FIVE.

PART SIX. INTERNATIONAL CO-OPERATION AND INTEROPERABILITY

20. Member countries should, where requested, make known to other Member countries details of the observance of the principles set forth in these Guidelines. Member countries should also ensure that procedures for transborder flows of personal data and for the protection of privacy and individual liberties are simple and compatible with those of other Member countries which comply with these Guidelines.

21. Member countries should establish procedures to facilitate:

information exchange related to these Guidelines,

20. Member countries should take appropriate measures to facilitate cross-border privacy law enforcement co-operation, in particular by enhancing information sharing among privacy enforcement authorities.

21. Member countries should encourage and mutual assistance in the procedural and investigative matters involved. support 22. Member countries should work towards the development of principles, domestic and international arrangements that promote interoperability among privacy frameworks that give practical effect to these Guidelines.

22. , to governMember countries should encourage the applicable law indevelopment of internationally comparable metrics to inform the case of policy making process related to privacy and transborder flows of personal data.

23. Member countries should make public the details of their observance of these Guidelines.