Intrusion of Information for purposes of exploitation is criminal.
Solutions are hardening of facilities, Identity Management, and local solutions, like encryption of Information Storage Units of Technology.

Intrusion by unauthorized users of Information that is deemed private is an invasion of privacy. Identity Management solves this.

Distribution of Information to reduce or remove risk of loss is Information Integrity, Disaster Recovery and Business Continuity.
If the Distributed Information is geographically dispersed it has the least risk of loss from Disasters.
It may be at higher risk to local exploitation.

These Security Risks could be called Types I, II and III. How these Types are assigned and weighted is purely a local option based on what the Information owner knows about the Value of the Content of the Information they own. There is now a Type IV to comply with regulations like HIPPA and Sarbanes-Oxley. Types I, II and III solutions will handle Type IV Security but do not provide the “clear” audit trail required.
A couple of easy yardsticks to determine Types are:
1) Which of your Stored Information generates 80% of your gross revenue?
2) Which of your Stored Information, should you lose it, will put you out of business?

I once heard a lot of talk about virtualization.
Now I hear a lot of talk about distributed architectures.
Both of these highlight the woeful inadequacy of existing Security from Intrusion exploitation and privacy invasion.
Both of them offer a great deal of promise for Information Integrity, Disaster Recovery and Business Continuity.

So is Step 1 virtualization or a distributed architecture to safeguard against Disasters and promote Information Integrity and Business Continuity?
Or true, meaningful Identity Management to secure against Intrusions?

Depends on your needs…

If you look at bvn’s Information stack (IS) Strategy, the more innovative a solution, the higher the risk.

What I tried to say was security does NOT come from the distributed architecture of Cleversafe type systems, rather from other traditional cryptography based measurements. It is very risky to think since my data is distributed over different nodes in pieces and not all the nodes will be compromised, thus my data is secure. If that is impression this type of systems wants to give ( see a previous blog here: http://storagemojo.com/?p=120, I don’t know whether this was Robin had in his mind with his understanding of Cleversafe ), then it is wrong.

Disclosure: I am not against any systems, Cleversafe or RealCleversafe …

I’m somewhat confused by your argument against the security of Cleversafe’s architecture. Cleversafe’s client authentication is basically the standard RSA public-private key exchange used by SSH and many other systems in addition to a symmetric encryption cipher for the bulk data encryption. Thus, I don’t understand why you suggest that this type of system is not secure at all.

I do agree that the weakest point in their architecture lies in compromising a user’s account and authentication/encryption keys, but I’m not sure of a good way to get around this. A user’s private encryption keys would be kept secure on their client machine separate from the grid and protected with a passphrase. Without having the private keys, an attacker would have to break the authentication process to receive access to a majority of the encrypted data slices and brute-force the encryption of everything (mathematically improbable).

Reference: http://www.cleversafe.org/wiki/Grid_Design#Encryption

Disclosure: I am not affiliated with the Cleversafe company nor open-source project, just a curious onlooker.

As of Cleversafe, again, I think they have done a good marketing. But all the basic components are already in LoDN ( I have to disclose I am in no way related to the LoDN project, which has not been a famous project at all. ) Users of Cleversafe, or any similar systems, should NOT have any illusion that data stored there is secure. The reason is very simple: the system has to provide an interface for a legitimate user to retrieve their data without worrying about which piece of data is stored on which node. Thus an attacker can simply use the same interface after assuming the legitimate user’s credentials, that is usually how attacks succeed. So without further cryptography-based measurements, this type of system is not secure at all.