Professional Documents
Culture Documents
dangers
of the
cloud
BY DAVID MAT
Cloud computing
A new Trend
And Computing
When this abstraction is applied to computing, a
similar abstraction can be made. The term cloud
computing describes the direction in which
information infrastructure seems to be moving.
The concept, quite simply, is that vast computing
resources will reside somewhere out there in the
ether, or cloud (rather than in your computer
room) and we'll connect to them and use them as
needed. It no longer matters where the data or
Key concepts
The computing world has recently been moving toward a cloud computing architecture For end
users, this signals a stronger move toward web applications Developers and businesses mostly
appreciate the lower investments required to turn ideas into practice However, this young and
upcoming technology is still plagued by security and privacy concerns
1
Services
Three recent innovations in technology have led to
this new way of looking at computing. The recent
shift toward cloud computing is due, in part to the
commoditization
and
standardization
of
technologies, in part to virtualization and the rise
of service-oriented software architectures, and
most importantly, to the dramatic growth in
popularity of the Internet.
A key concept in cloud computing is offering
everything as a service: from the infrastructure
(Infrastructure as a Service IaaS) over the
development platforms (Platform as a Service
PaaS) to the end-user applications (Software as a
Service SaaS). In other words, cloud computing is
taking the previous computing trends, Service
Oriented Architecture (SOA) and Web 2.0, one step
further. SOAs major focus is on the software, just
like Web2.0s focus is on offering (social) software
services over the internet. Now also the underlying
platforms and hardware are being offered as a
service.
Utility Computing
The concept of offering everything as a service, has
led to a new underlying business model: Utility
computing. Utility computing is the packaging of
computing resources, such as computation and
storage, as a metered service similar to a
traditional public utility (such as electricity). This
system has the advantage of low or no initial cost
to acquire hardware; instead, computational
resources are essentially rented. This means that
the move toward cloud computing can in essence
be compared to the move toward power grids in
Infrastructure as a Service
The most well-known IaaS provider is Amazon.
While the company is best known for being the
worlds biggest online book vendor, it has always
considered itself to be a technology company at
heart. Serving some 65 million visitors each month
requires large amounts of technological know-how
and even larger investments in infrastructure. To
generate some extra income from these
investments, Amazon has started offering a set of
different services to web application developers
under the moniker of Amazon Web Services. One
of these services is Amazon Elastic Compute Cloud
(EC2). It is a web service that provides resizable
computing capacity in the cloud. It is designed to
make web-scale computing easier for developers.
EC2 allows developers to create a virtual instance
of a variety of operating systems, load it with their
custom application environment and run it
immediately; essentially setting up a web server in
a matter of minutes. Amazon also calls its service
elastic for a reason. At peak loads, you can easily
set up a few more servers to expand you
computing power at will. Its even possible to set
up an application to automatically scale itself up
and down depending on its needs. The service is
not just popular with developers of web
Platform as a Service
One step up from pure utility computing are
platforms like Google AppEngine and SalesForces
force.com, which hide the virtual machine
instances from the infrastructure level behind
higher-level building blocks know as application
programming interfaces (APIs).
Software as a Service
The number one benefit of such a service is that it
makes application development easier. These
platforms provide the basic building blocks on
which cloud applications can easily be constructed.
Additionally, there is a large degree of scalability
built into these platforms, as their underlying
infrastructure is in the cloud as well. Finally, you
will not need to hire a professional systems
administrator more than likely as they are part of
the service itself.
Dangers
Compliance
Take for example the Sarbanes-Oxley Act. This
legislation, designed to protect shareholders and
the general public from fraud in the enterprise was
enacted mainly in response to the Enron scandal. It
sets certain requirements on financial reporting,
among other things by defining which records are
to be stored and for how long. The Sarbanes-Oxley
Act states that all business records, including
electronic records and electronic messages, must
be saved for "not less than five years." Any public
company in the United States of America needs to
comply with these rules.
The legislation not only affects the financial side of
corporations, it also affects the IT departments as
they are responsible for making sure these records
are never lost and are kept for the required period
of time. Even if a company contracts with an
external cloud-based provider, these regulations
hold the company itself responsible.
Compliance
Data Location
Data Ownership
Data Segregation
Availability
Recovery
Viability
Security
Data Ownership
Data Location
Data Segregation
Another concern relating to the privacy of your
data is that of data segregation. As your data is
stored, it will probably be sitting alongside the data
of other users, or other companies. It is important
to know whether your data is properly segregated
from the rest, i.e. whether it wont actually be
exposed to other customers.
Encrypting your data might be a solution, but again
you rely on your service provider to make
adequate encryption schemes available, designed
and tested by experienced specialists. Encryption
has its own share of problems and issues however.
For example, encryption accidents can make data
totally unusable, and even normal encryption
places a considerably increased load on the cloud
providers systems. Therefore, a service provider
might be tempted to opt for an inferior, but
quicker, encryption scheme or perhaps use no
encryption at all
Recovery
Availability
Amazons cloud services are a good illustration of
this point. Users have noticed that its cloud
services slow down during the holiday period. The
big question here is how cloud computing
providers adapt to peak loads themselves. Cloud
computing is designed for easily scaling to the
customers requirements. When the load is high,
the customer is given more computing power,
when the load is low, this is reduced again, to save
costs for the customer and to have computing
power available to other customers. But cloud
computing providers, in casu those providing cloud
infrastructure, only have a limited amount of
hardware and resources available to them. When
part of the infrastructure fails, say due to a power
outage, will the cloud provider be able to keep the
services up and running, or will they fail?
Organizations perceive the cloud as being
unreliable. The reason for this is that cloud
applications go down, this is usually highly visible,
Viability
What happens when your cloud service provider
decides to pull the plug on a certain server? Even
worse, what happens if it goes out of business
entirely?
When we look at SaaS, we see a rapidly changing
landscape, with many startups trying out
innovative ideas, but few with a real plan to
monetize those ideas, indicating that concerns like
these are more than warranted.
A key thing to look for in any cloud service is thus
export options. Every cloud service should provide
a way preferably according to some wellsupported standard to export your data. This
way, the users can keep a local copy of their data,
just in case things go wrong.
Viability is one of the key factors for PaaS. For
example, take SalesForce. Thousands of businesses
have invested heavily in building key line of
business applications on top of the SalesForce CRM
service. For them it would be a disaster if the
platform they have based their key applications on
were to go out of business.
Picnik
This is photo editing in the cloud. Upload
images from your local machine or
import them from another cloud service
such as Flickr or Facebook. The site's
simple interface masks surprisingly
powerful editing tools.
Mobile Me
This service from Apple, launched
together with the iPhone 3G,
synchronizes e-mails, photos and
contacts between multiple devices. Your
Mac, iPhone and iPod will stay in sync
(so long as they have access to Apple's
servers in the cloud).
Network.com
Sun's cloud offering. Computing power is
available for hire by the hour to power
on-demand cloud services. Used mainly
for processing scientific data.
G.ho.st
Stands for Global Hosted Operating
System. G.ho.st is a flash-based cloud
operating system (OS). The web desktop
looks and feels like a PC desktop
interface, but it is accessible anywhere
Security
A typical saying in the world of software security is
that good security takes time. The cloud
approach to computing doesnt map well to typical
good security design. The biggest issue is how
A Bright Future
10