GFCI for Google Toast

I’ve probably beaten the toaster metaphor to death by now, but just in case it’s still alive here’s one more note on it.

My presentations often use a slide on the fallacy of treating commodity alone as a measure of safety and reliability. I argue that the toaster was unsafe for 54 years, until the invention of the ground fault circuit interrupter (GFCI). This was a big theme in my VMworld presentation in 2010, based on my ISACA presentation from 2009.

I received rave reviews on this metaphor and was told it helped frame the toilet technology timeline (T3) presented by the Cloud Security Alliance at RSA San Francisco a few months later.

I am not sure inefficient, unsanitary and unhealthy waste management concepts made for the best security metaphor but it definitely is more amusing than toasters. Whether you have a commodity metaphor or a commode metaphor it does not change the fundamental issue of progress in customer safety. How do you trust a provider? Would you wear this?


It is not safe to assume controls for a commodity will be included within a commodity design itself, or even within the architecture presented by a manufacturer or service provider.

Cloud providers may not have security as their goal any more than toaster manufacturers aim to prevent you from being electrocuted (they can do it). Many important security features are likely to be an add-on or an external improvement; a result of external factors like regulation.

Tokens and encryption at the client are complicated but good examples of this effect. You can replace all the data in the cloud with tokens or data encrypted by a key to which the cloud provider never has access.

Another example of this just popped up in CSO. A company figured out a way to make Google applications safer — use a third-party security mechanism. Here’s their GFCI for Google toast.

I started looking around the at third-party apps, some of which were administrative tools, to see if there was there anything that could help me with the visibility component. I found CloudLock. Their tool gives me the ability to retrospectively know if something has been shared with the public, to an individual outside my domain, or within my own agency. We are using all three levels of sharing appropriately. They key to being able to use Google Docs is having the visibility on it.

The lesson is don’t take a bath in cloud applications unless you can detect and prevent a failure, and don’t assume safety controls are built into the apps or even offered by cloud providers. An external/add-on control can save your SaaS.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.